Summary: | <media-libs/exiftool-12.16-r1: Code execution when parsing DjVu files | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | atoth |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800 | ||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: |
media-libs/exiftool-12.16-r1
|
Runtime testing required: | --- |
Bug Depends on: | 791397 | ||
Bug Blocks: |
Description
Sam James
2021-04-25 17:28:25 UTC
@perl if you can try look at this soon? exiftool-12.25 is available upstreams and compiles as expected. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6d7a897605b349d4f2c8e87907876b42e99f8ffa commit 6d7a897605b349d4f2c8e87907876b42e99f8ffa Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2021-05-03 13:57:33 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2021-05-03 13:57:33 +0000 media-libs/exiftool: fix CVE-2021-22204 Bug: https://bugs.gentoo.org/785667 Package-Manager: Portage-3.0.18, Repoman-3.0.3 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> media-libs/exiftool/exiftool-12.16-r1.ebuild | 27 +++++++++++++++++++ .../files/exiftool-12.16-CVE-2021-22204.patch | 30 ++++++++++++++++++++++ 2 files changed, 57 insertions(+) ppc done amd64 done x86 done ppc64 stable arm64 done all arches done Please cleanup The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fe715cdbd52629a1deb0f8cf83206c54a5fc92b4 commit fe715cdbd52629a1deb0f8cf83206c54a5fc92b4 Author: Andreas K. Hüttel <dilfridge@gentoo.org> AuthorDate: 2021-05-13 13:48:20 +0000 Commit: Andreas K. Hüttel <dilfridge@gentoo.org> CommitDate: 2021-05-13 13:48:20 +0000 media-libs/exiftool: Remove old Bug: https://bugs.gentoo.org/785667 Package-Manager: Portage-3.0.18, Repoman-3.0.2 Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org> media-libs/exiftool/Manifest | 1 - media-libs/exiftool/exiftool-12.08.ebuild | 25 ------------------------- media-libs/exiftool/exiftool-12.16.ebuild | 25 ------------------------- 3 files changed, 51 deletions(-) Gone from the tree. Unable to check for sanity:
> no match for package: media-libs/exiftool-12.16-r1
GLSA request filed. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=cbb2c6bdcf7c6bcf9d999c22c28ef4eb416b0a51 commit cbb2c6bdcf7c6bcf9d999c22c28ef4eb416b0a51 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-07-24 06:08:31 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-07-24 06:08:44 +0000 [ GLSA 202407-27 ] ExifTool: Multiple vulnerabilities Bug: https://bugs.gentoo.org/785667 Bug: https://bugs.gentoo.org/791397 Bug: https://bugs.gentoo.org/803317 Bug: https://bugs.gentoo.org/832033 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202407-27.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) |