Summary: | <media-libs/libcaca-0.99_beta19-r4: buffer overflow vulnerability (CVE-2021-3410) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | normal | CC: | bircoph, media-video, sam |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/cacalabs/libcaca/issues/52 | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=792339 | ||
Whiteboard: | B2 [glsa?] | ||
Package list: |
media-libs/libcaca-0.99_beta19-r4
|
Runtime testing required: | --- |
Description
John Helmert III
![]() ![]() ![]() ![]() opensuse applies quite a number of more patches than us over that code: https://build.opensuse.org/package/show/multimedia:libs/libcaca The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9e49df2222085dded48b58473bc2fd6347f8352f commit 9e49df2222085dded48b58473bc2fd6347f8352f Author: Andrew Savchenko <bircoph@gentoo.org> AuthorDate: 2021-05-22 11:36:04 +0000 Commit: Andrew Savchenko <bircoph@gentoo.org> CommitDate: 2021-05-22 11:39:14 +0000 media-libs/libcaca: fix multiple CVEs and docs build failure CVE fixed (using Debian patchset): CVE-2018-20544, CVE-2018-20545, CVE-2018-20546, CVE-2018-20547, CVE-2018-20549, CVE-2021-3410. Fix docs build failure (doxygen and latex issues) using both Debian patch and patch from bug 543870#c11. Install docs into proper path. Bug: https://bugs.gentoo.org/543870 Bug: https://bugs.gentoo.org/772317 Package-Manager: Portage-3.0.18, Repoman-3.0.3 Signed-off-by: Andrew Savchenko <bircoph@gentoo.org> media-libs/libcaca/files/100_doxygen.diff | 170 +++++++++++++++++++ media-libs/libcaca/files/CVE-2018-20544.patch | 45 +++++ .../libcaca/files/CVE-2018-20545+20547+20549.patch | 34 ++++ .../libcaca/files/CVE-2018-20546+20547.patch | 36 ++++ ...em-in-the-caca_resize-overflow-detection-.patch | 135 +++++++++++++++ ...as-fix-an-integer-overflow-in-caca_resize.patch | 141 ++++++++++++++++ media-libs/libcaca/files/fix-css-path.patch | 12 ++ media-libs/libcaca/libcaca-0.99_beta19-r4.ebuild | 182 +++++++++++++++++++++ 8 files changed, 755 insertions(+) Security team, please note that multiple CVEs are present prior to -r4. Also while I helped with current problem, I'm not a maintainer of this packages, so proceed with stabilization on your own or with @media-video team. Thanks! ppc64 done amd64 stable x86 stable ppc done arm done sparc done arm64 done all arches done Please cleanup. Unable to check for sanity:
> no match for package: media-libs/libcaca-0.99_beta19-r4
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a17a038ba653cf52039460cf79adca71ef4a2326 commit a17a038ba653cf52039460cf79adca71ef4a2326 Author: Sam James <sam@gentoo.org> AuthorDate: 2021-06-18 14:55:58 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-06-18 14:56:11 +0000 media-libs/libcaca: drop 0.99_beta19-r5, 0.99_beta19-r6 Bug: https://bugs.gentoo.org/772317 Signed-off-by: Sam James <sam@gentoo.org> media-libs/libcaca/libcaca-0.99_beta19-r5.ebuild | 151 -------------------- media-libs/libcaca/libcaca-0.99_beta19-r6.ebuild | 173 ----------------------- 2 files changed, 324 deletions(-) Unable to check for sanity:
> no match for package: media-libs/libcaca-0.99_beta19-r4
|