| Summary: | <media-libs/libaom-3.2.0: Use-after-free (CVE-2021-{30474,30475}) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sam James <sam> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | media-video |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | B3 [glsa+] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 828112 | ||
| Bug Blocks: | |||
|
Description
Sam James
2021-06-02 18:20:35 UTC
* CVE-2021-30475 Description: "aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow." (In reply to Sam James from comment #1) > * CVE-2021-30475 > > Description: > "aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer > overflow." https://aomedia.googlesource.com/aom/+/12adc723acf02633595a4d8da8345742729f46c0 https://bugs.chromium.org/p/aomedia/issues/detail?id=2999 Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=628a37720393c8362cdecfaa9686e1e873f320c5 commit 628a37720393c8362cdecfaa9686e1e873f320c5 Author: Sam James <sam@gentoo.org> AuthorDate: 2021-12-24 06:13:33 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-12-24 06:13:33 +0000 media-libs/libaom: add 3.2.0 Bug: https://bugs.gentoo.org/816027 Bug: https://bugs.gentoo.org/828112 Bug: https://bugs.gentoo.org/793932 Bug: https://bugs.gentoo.org/798126 Signed-off-by: Sam James <sam@gentoo.org> media-libs/libaom/Manifest | 1 + media-libs/libaom/libaom-3.2.0.ebuild | 84 +++++++++++++++++++++++++++++++++++ media-libs/libaom/libaom-9999.ebuild | 13 ++++-- 3 files changed, 95 insertions(+), 3 deletions(-) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b879fded0dc01423d42526dbab7e9f66eefedbc commit 8b879fded0dc01423d42526dbab7e9f66eefedbc Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2022-01-09 15:26:41 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2022-01-09 15:48:04 +0000 media-libs/libaom: Cleanup vulnerable 2.0.0, 2.0.1 and 3.1.2 Bug: https://bugs.gentoo.org/828112 Bug: https://bugs.gentoo.org/793932 Bug: https://bugs.gentoo.org/798126 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> media-libs/libaom/Manifest | 3 - media-libs/libaom/files/libaom-1.0.0-armv7l.patch | 13 --- .../libaom/files/libaom-1.0.0-update-vsx-ppc.patch | 126 --------------------- media-libs/libaom/files/libaom-1.0.0-version.patch | 10 -- media-libs/libaom/files/libdirpc2.patch | 48 -------- media-libs/libaom/files/pthread_lib2.patch | 14 --- media-libs/libaom/libaom-2.0.0.ebuild | 76 ------------- media-libs/libaom/libaom-2.0.1.ebuild | 76 ------------- media-libs/libaom/libaom-3.1.2.ebuild | 76 ------------- 9 files changed, 442 deletions(-) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=79547e85d0408ff5ac12c87ed1c3639370e3f339 commit 79547e85d0408ff5ac12c87ed1c3639370e3f339 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-01-31 13:58:08 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-01-31 13:58:35 +0000 [ GLSA 202401-32 ] libaom: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/793932 Bug: https://bugs.gentoo.org/798126 Bug: https://bugs.gentoo.org/828112 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202401-32.xml | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) |