Summary: | <media-libs/libheif-{1.4.1,1.5.1}: multiple vulnerabilities (CVE-2019-11471) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | graphics+disabled |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/strukturag/libheif/releases/tag/v1.5.0 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: |
media-libs/libheif-1.5.1
dev-lang/go-1.12.9 arm64
|
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2019-10-05 01:30:43 UTC
There's a bunch of additional fuzz-related fixes in libheif's upstream git repo (which are present in 1.5.1). Only one vuln got a CVE yet. Let's go with =media-libs/libheif-1.5.1! An automated check of this bug failed - repoman reported dependency errors (6 lines truncated):
> dependency.bad media-libs/libheif/libheif-1.5.1.ebuild: BDEPEND: arm64(default/linux/arm64/17.0) ['dev-lang/go']
> dependency.bad media-libs/libheif/libheif-1.5.1.ebuild: BDEPEND: arm64(default/linux/arm64/17.0/desktop) ['dev-lang/go']
> dependency.bad media-libs/libheif/libheif-1.5.1.ebuild: BDEPEND: arm64(default/linux/arm64/17.0/desktop/gnome) ['dev-lang/go']
x86 stable arm64 stable amd64 stable. Maintainer(s), please cleanup. Security, please vote. This bug should be blocked by #696850 The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=299c1ff0f29fab1d72daa3bf6a335a59f775fc02 commit 299c1ff0f29fab1d72daa3bf6a335a59f775fc02 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2019-10-26 22:03:49 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2019-10-26 22:04:19 +0000 media-libs/libheif: security cleanup (#696302) Bug: https://bugs.gentoo.org/696302 Package-Manager: Portage-2.3.78, Repoman-2.3.17 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> media-libs/libheif/Manifest | 3 - .../libheif/files/libheif-1.3.2-openjpeg-2.patch | 93 ---------------------- media-libs/libheif/libheif-1.3.2-r1.ebuild | 56 ------------- media-libs/libheif/libheif-1.4.0.ebuild | 58 -------------- media-libs/libheif/libheif-1.4.1.ebuild | 66 --------------- 5 files changed, 276 deletions(-) GLSA Vote: no! Repository is clean, all done! |