| Summary: | <media-libs/libjpeg-turbo-2.0.4: buffer overrun vulnerability (CVE-2020-17541) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | codec |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392 | ||
| Whiteboard: | B3 [glsa+] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 814206 | ||
| Bug Blocks: | |||
|
Description
John Helmert III
2021-06-22 03:10:20 UTC
Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. (In reply to John Helmert III from comment #0) > Patch: > https://github.com/libjpeg-turbo/libjpeg-turbo/commit/ > 6bbc0a3c703f5ea2aecc3a6e60e8ba2935febb82 > Patch is in our 2.x version but doesn't appear to be in a tagged release for > the 1.x branch. Yeah, here's the commit that's been in 2.x since 2.0.4: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/c76f4a08263b0cea40d2967560ac7c21f6959079 The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=64cfcaa52778c853abeb26d16803346a4023f181 commit 64cfcaa52778c853abeb26d16803346a4023f181 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2021-10-14 21:59:28 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2021-10-17 20:36:35 +0000 media-libs/libjpeg-turbo: drop 1.5.3-r4, 2.1.0-r2 Bug: https://bugs.gentoo.org/797424 Bug: https://bugs.gentoo.org/814206 Closes: https://bugs.gentoo.org/787422 Signed-off-by: John Helmert III <ajak@gentoo.org> Closes: https://github.com/gentoo/gentoo/pull/22581 media-libs/libjpeg-turbo/Manifest | 2 - .../files/libjpeg-turbo-1.2.0-x32.patch | 38 ------ .../files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch | 43 ------- .../files/libjpeg-turbo-1.5.3-cve-2018-11813.patch | 45 -------- .../files/libjpeg-turbo-1.5.3-divzero_fix.patch | 18 --- .../libjpeg-turbo/libjpeg-turbo-1.5.3-r4.ebuild | 126 -------------------- .../libjpeg-turbo/libjpeg-turbo-2.1.0-r2.ebuild | 128 --------------------- 7 files changed, 400 deletions(-) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=508b72c9779f4f058551ebb133c5d5f21fd4e654 commit 508b72c9779f4f058551ebb133c5d5f21fd4e654 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-05-07 05:04:06 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-05-07 05:04:24 +0000 [ GLSA 202405-20 ] libjpeg-turbo: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/797424 Bug: https://bugs.gentoo.org/814206 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202405-20.xml | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) |