Summary: | <media-libs/jbig2dec-0.18: Buffer overflow in jbig2_image_compose (CVE-2020-12268) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | graphics+disabled, printing |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | Flags: | nattka:
sanity-check+
|
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/gentoo/gentoo/pull/16906 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
media-libs/jbig2dec-0.18
|
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2020-04-27 04:48:51 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3c8aa035785724e5c7dad46b35c25500d4c7135a commit 3c8aa035785724e5c7dad46b35c25500d4c7135a Author: Sam James <sam@gentoo.org> AuthorDate: 2020-07-19 18:28:15 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-07-19 18:28:16 +0000 media-libs/jbig2dec: security bump to 0.18 Bump to 0.18, but while we're here, add support for newer Pythons at build time. We include two additional upstream patches post-release which look security-relevant. Bug: https://bugs.gentoo.org/719730 Package-Manager: Portage-2.3.103, Repoman-2.3.23 Signed-off-by: Sam James <sam@gentoo.org> media-libs/jbig2dec/Manifest | 1 + .../jbig2dec-0.18-extra-overflow-checks.patch | 51 +++++++++++++++ .../files/jbig2dec-0.18-overflow-IAID.patch | 36 +++++++++++ media-libs/jbig2dec/jbig2dec-0.18.ebuild | 73 ++++++++++++++++++++++ 4 files changed, 161 insertions(+) arm stable arm64 stable x86 stable ppc64 stable ppc stable amd64 stable sparc stabled by slyfox in https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3169245977a987a67079eb01010a1e1f3b99e738 on 22nd s390 stable hppa: ping GLSA vote: no hppa stable Please cleanup. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=af1c2da6c3e7711f6cc2a1c985d23d93d73bbe0f commit af1c2da6c3e7711f6cc2a1c985d23d93d73bbe0f Author: Sam James <sam@gentoo.org> AuthorDate: 2020-07-29 19:49:05 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-07-29 23:11:45 +0000 media-libs/jbig2dec: security cleanup Bug: https://bugs.gentoo.org/719730 Package-Manager: Portage-3.0.1, Repoman-2.3.23 Signed-off-by: Sam James <sam@gentoo.org> media-libs/jbig2dec/Manifest | 2 - .../files/jbig2dec-0.17-fix-test_jbig2dec.py.patch | 39 ------------- media-libs/jbig2dec/jbig2dec-0.14.ebuild | 44 -------------- media-libs/jbig2dec/jbig2dec-0.17-r1.ebuild | 68 ---------------------- 4 files changed, 153 deletions(-) |