| Summary: | <media-gfx/exiv2-0.27.2: multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | graphics+disabled, kde |
| Priority: | Normal | Flags: | stable-bot: sanity-check+ |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://github.com/Exiv2/exiv2/pull/943 | | |
| Whiteboard: | B3 [noglsa cve] | | |
| Package list: | media-gfx/exiv2-0.27.2 | | |
| Runtime testing required: | --- | | |
| Bug Depends on: | 688566, 688912 | | |
| Bug Blocks: | | | |

Description
D'juan McDonald (domhnall)
2019-07-11 05:17:38 UTC
0.27.2 release is planned for 2019-07-31

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a5596fa323540961fec3729e052a75baa88c8954

commit a5596fa323540961fec3729e052a75baa88c8954
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2019-07-21 15:59:57 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2019-07-21 16:13:21 +0000

    media-gfx/exiv2: 0.27.2_rc3 version bump for testing

    This is the last RC before 0.27.2 release that is planned for 2019-07-31.

    Bug: https://bugs.gentoo.org/689642
    Package-Manager: Portage-2.3.69, Repoman-2.3.16
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 media-gfx/exiv2/Manifest | 1 +
 media-gfx/exiv2/exiv2-0.27.2_rc3.ebuild | 103 ++++++++++++++++++++++++++++++++
 2 files changed, 104 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d0e96ba43734040a82ad7b8302da4bf147802ef9

commit d0e96ba43734040a82ad7b8302da4bf147802ef9
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2019-07-29 18:49:26 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2019-07-29 18:55:40 +0000

    media-gfx/exiv2: 0.27.2 version bump

    Bug: https://bugs.gentoo.org/689642
    Package-Manager: Portage-2.3.69, Repoman-2.3.16
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 media-gfx/exiv2/Manifest | 1 +
 media-gfx/exiv2/exiv2-0.27.2.ebuild | 101 ++++++++++++++++++++++++++++++++++++
 2 files changed, 102 insertions(+)

Documentation changes only since rc3, arches please stabilise.

arm64 stable

ppc stable

ppc64 stable

amd64 stable

x86 stable

alpha stable

sparc stable

ia64 stable

arm stable

CVE-2019-13114 (https://github.com/Exiv2/exiv2/issues/793): http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.

CVE-2018-20097 (https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html): There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.

CVE-2020-18831 (https://github.com/Exiv2/exiv2/issues/828): Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file.