Summary: | <media-libs/gd-2.3.3: OOB read (CVE-2021-38115) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | minor | CC: | codec |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/libgd/libgd/issues/697 | ||
Whiteboard: | B3 [noglsa cleanup] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 858275 | ||
Bug Blocks: | | ||
Description
John Helmert III
2021-08-07 22:47:01 UTC
Fixed in commit https://github.com/libgd/libgd/commit/edaf39fe6fb0d1867b9b5992efb9fe4102138553 (as linked before), commit went into release 2.3.3 (https://github.com/libgd/libgd/releases/tag/gd-2.3.3). There is still version 2.3.2 left in tree and marked as stable while 2.3.3 is unstable. I'd recommend cleanup and security stabilisation of 2.3.3 once someone from the codec project confirms this. OOB read is low impact, no GLSA. Please clean up.