Summary: | <media-libs/leptonica-1.80.0: multiple vulnerabilities (CVE-2020-{36277,36278,36279,36280,36281}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | chewi |
Priority: | Normal | Flags: | nattka: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: | media-libs/leptonica-1.80.0 |
Runtime testing required: | Yes |
Description
John Helmert III
CVE-2020-36277: Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c.

CVE-2020-36278: Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c.

CVE-2020-36279: Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c.

CVE-2020-36280: Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c.

I understand we have 1.80.0 in tree since last August. Please run the tests when stabilising.

amd64 done

x86 done

arm64 done

ppc done

ppc64 done

arm done

all arches done

Please cleanup, thanks!

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d6c29e1f27e5073deee0636184b3a27677978ba4

commit d6c29e1f27e5073deee0636184b3a27677978ba4

Author: James Le Cuirot <chewi@gentoo.org>

AuthorDate: 2021-05-30 17:59:49 +0000

Commit: James Le Cuirot <chewi@gentoo.org>

CommitDate: 2021-05-30 17:59:49 +0000

media-libs/leptonica: Drop old and vulnerable 1.74.4

Bug: https://bugs.gentoo.org/775629

Package-Manager: Portage-3.0.19, Repoman-3.0.3

Signed-off-by: James Le Cuirot <chewi@gentoo.org>

media-libs/leptonica/Manifest | 1 -

media-libs/leptonica/files/baseline_reg.patch | 22 ----------

media-libs/leptonica/leptonica-1.74.4.ebuild | 63 ---------------------------

3 files changed, 86 deletions(-)

Thanks! GLSA request filed.

This issue was resolved and addressed in GLSA 202107-53 at https://security.gentoo.org/glsa/202107-53 by GLSA coordinator John Helmert III (ajak).