Summary: | <media-libs/libjpeg-turbo-2.0.4: buffer overrun vulnerability (CVE-2020-17541) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | minor | CC: | codec |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392 | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 814206 | ||
Bug Blocks: |
Description
John Helmert III
2021-06-22 03:10:20 UTC
Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. (In reply to John Helmert III from comment #0) > Patch: > https://github.com/libjpeg-turbo/libjpeg-turbo/commit/ > 6bbc0a3c703f5ea2aecc3a6e60e8ba2935febb82 > Patch is in our 2.x version but doesn't appear to be in a tagged release for > the 1.x branch. Yeah, here's the commit that's been in 2.x since 2.0.4: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/c76f4a08263b0cea40d2967560ac7c21f6959079 The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=64cfcaa52778c853abeb26d16803346a4023f181 commit 64cfcaa52778c853abeb26d16803346a4023f181 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2021-10-14 21:59:28 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2021-10-17 20:36:35 +0000 media-libs/libjpeg-turbo: drop 1.5.3-r4, 2.1.0-r2 Bug: https://bugs.gentoo.org/797424 Bug: https://bugs.gentoo.org/814206 Closes: https://bugs.gentoo.org/787422 Signed-off-by: John Helmert III <ajak@gentoo.org> Closes: https://github.com/gentoo/gentoo/pull/22581 media-libs/libjpeg-turbo/Manifest | 2 - .../files/libjpeg-turbo-1.2.0-x32.patch | 38 ------ .../files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch | 43 ------- .../files/libjpeg-turbo-1.5.3-cve-2018-11813.patch | 45 -------- .../files/libjpeg-turbo-1.5.3-divzero_fix.patch | 18 --- .../libjpeg-turbo/libjpeg-turbo-1.5.3-r4.ebuild | 126 -------------------- .../libjpeg-turbo/libjpeg-turbo-2.1.0-r2.ebuild | 128 --------------------- 7 files changed, 400 deletions(-) |