Summary: | <media-libs/libvpx-{1.7.0-r1,1.8.1}: multiple vulnerabilities (CVE-2019-{9232,9325,9433,9371}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | chromium, media-video |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: |
media-libs/libvpx-1.7.0-r1
|
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2019-12-02 23:11:50 UTC
There is no information indicating what versions of libvpx are affected. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=73760c996a3562ec9d29db3cbab77b8ef8dcc230 commit 73760c996a3562ec9d29db3cbab77b8ef8dcc230 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2019-12-05 05:11:30 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2019-12-05 05:15:14 +0000 media-libs/libvpx: bump to v1.8.1 Bug: https://bugs.gentoo.org/701834 Package-Manager: Portage-2.3.80, Repoman-2.3.19 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> media-libs/libvpx/Manifest | 1 + media-libs/libvpx/libvpx-1.8.1.ebuild | 119 ++++++++++++++++++++++++++++++++++ 2 files changed, 120 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f64e1f924824033b61856a1c4a0162ab675a57a4 commit f64e1f924824033b61856a1c4a0162ab675a57a4 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2019-12-05 05:09:17 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2019-12-05 05:15:12 +0000 media-libs/libvpx: security rev bump Bug: https://bugs.gentoo.org/701834 Package-Manager: Portage-2.3.80, Repoman-2.3.19 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> ...libvpx-1.7.0-CVE-2019-9232_9325_9371_9433.patch | 211 +++++++++++++++++++++ media-libs/libvpx/libvpx-1.7.0-r1.ebuild | 131 +++++++++++++ 2 files changed, 342 insertions(+) amd64 stable arm64 stable sparc stable x86 stable ppc64 stable ia64 stable ppc stable arm stable The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0614c44475793213f4d21c8f5c8b84977a6a1956 commit 0614c44475793213f4d21c8f5c8b84977a6a1956 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2019-12-26 11:27:16 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2019-12-26 17:03:02 +0000 media-libs/libvpx: security cleanup Bug: https://bugs.gentoo.org/701834 Package-Manager: Portage-2.3.83, Repoman-2.3.20 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> Closes: https://github.com/gentoo/gentoo/pull/14129 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> media-libs/libvpx/Manifest | 7 -- media-libs/libvpx/libvpx-1.5.0.ebuild | 127 ------------------------------ media-libs/libvpx/libvpx-1.6.0-r1.ebuild | 116 --------------------------- media-libs/libvpx/libvpx-1.6.1.ebuild | 127 ------------------------------ media-libs/libvpx/libvpx-1.7.0.ebuild | 130 ------------------------------ media-libs/libvpx/libvpx-1.8.0-r1.ebuild | 120 ---------------------------- media-libs/libvpx/libvpx-1.8.0.ebuild | 131 ------------------------------- 7 files changed, 758 deletions(-) Tree is clean. New GLSA request filed. This issue was resolved and addressed in GLSA 202003-59 at https://security.gentoo.org/glsa/202003-59 by GLSA coordinator Thomas Deutschmann (whissi). |