Summary: | <media-gfx/exiv2-0.26_p20180811-r1: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Vlad K. <vk-gentoo-bugs> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | graphics+disabled |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
URL: | http://www.exiv2.org/ | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=655958 https://bugs.gentoo.org/show_bug.cgi?id=655842 https://bugs.gentoo.org/show_bug.cgi?id=652822 https://bugs.gentoo.org/show_bug.cgi?id=647816 https://bugs.gentoo.org/show_bug.cgi?id=647812 https://bugs.gentoo.org/show_bug.cgi?id=647810 | ||
Whiteboard: | B3 [glsa++ cve] | ||
Package list: | media-gfx/exiv2-0.26_p20180811-r3 | ||
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 647810, 647812, 647816, 652822, 655842, 655958 |
Description
Vlad K.
2018-06-16 15:15:22 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f33aacc28aa4a62c2123dbbecfbdb911dd4ba470

commit f33aacc28aa4a62c2123dbbecfbdb911dd4ba470
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-09-18 20:45:33 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-09-18 20:53:50 +0000

media-gfx/exiv2: Add 0.26_p20180811 snapshot

Custom packed tarball based on upstream 0.26 branch as of 2018-08-11, fixing CVE-2018-12264, CVE-2018-12265, with downstream updated config.{guess,sub} and fixed CVE-2017-17723.

Bug: https://bugs.gentoo.org/647812
Bug: https://bugs.gentoo.org/658236
Closes: https://bugs.gentoo.org/663870
Package-Manager: Portage-2.3.49, Repoman-2.3.10

media-gfx/exiv2/Manifest | 1 +
media-gfx/exiv2/exiv2-0.26_p20180811.ebuild | 123 ++++++++++++++++++++++++++++
2 files changed, 124 insertions(+)

CVE-2018-10998 was closed notabug in https://github.com/Exiv2/exiv2/commit/f4e8ed2fd48d012467b99552f0d6378302a23c75, the commit adding the exception is in media-gfx/exiv2-0.26_p20180811.

CVE-2018-10780 was declared fixed in https://github.com/Exiv2/exiv2/issues/229, the relevant commit is part of media-gfx/exiv2-0.26_p20180811.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b6355d89b9bd7b657c3ad5680f899b6de75de1a7

commit b6355d89b9bd7b657c3ad5680f899b6de75de1a7
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-09-21 10:12:50 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-09-21 10:20:37 +0000

media-gfx/exiv2: Tarball respun for CVE-2018-10999, CVE-2018-11531

Custom packed tarball based on upstream 0.26 branch as of 2018-08-11, with additional fixes from git master.

Bug: https://bugs.gentoo.org/658236
Package-Manager: Portage-2.3.49, Repoman-2.3.10

media-gfx/exiv2/Manifest | 1 +
media-gfx/exiv2/exiv2-0.26_p20180811-r1.ebuild | 123 +++++++++++++++++++++++++
2 files changed, 124 insertions(+)

sparc done.

ia64 stable

amd64 stable

x86 stable

Stable on alpha.

ppc/ppc64 stable

arm stable, all arches done.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c24aae658082194548daf5a845dc996fab7f9f0

commit 8c24aae658082194548daf5a845dc996fab7f9f0
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-10-29 10:06:45 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-10-29 10:14:24 +0000

media-gfx/exiv2: Security cleanup

Bug: https://bugs.gentoo.org/658236
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
Package-Manager: Portage-2.3.50, Repoman-2.3.11

media-gfx/exiv2/Manifest | 1 -
media-gfx/exiv2/exiv2-0.26_p20180319.ebuild | 136 ------
.../exiv2-0.26_p20180319-CVE-2017-18005.patch | 484 ---------------------
.../files/exiv2-0.26_p20180319-CVE-2018-4868.patch | 39 --
.../files/exiv2-0.26_p20180319-clang-fix.patch | 47 --
5 files changed, 707 deletions(-)

Cleanup done, can we please make progress here (and in all depending bugs)? KDE is done here, anyway...

Reclassifying B3 (should have been)

GLSA Vote: Yes

New GLSA Request filed.

This issue was resolved and addressed in GLSA 201811-14 at https://security.gentoo.org/glsa/201811-14 by GLSA coordinator Aaron Bauman (b-man).