Summary: | <media-libs/openexr-{2.5.7,3.1.1}: OOB read (CVE-2021-3605) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | media-video, proxy-maint, waebbl-gentoo |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1970991 | ||
Whiteboard: | B4 [glsa+] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 787452 | ||
Bug Blocks: |
Description
John Helmert III
I can see the patch is in 3.1.1, what about 2.5.x? Should be in 2.5.7 as well, if I'm not wrong, see [1][2][3]. [3] mentions PR 1036.

[1] https://github.com/AcademySoftwareFoundation/openexr/pull/1036#ref-pullrequest-911002150
[2] https://github.com/AcademySoftwareFoundation/openexr/pull/1040
[3] https://github.com/AcademySoftwareFoundation/openexr/blob/RB-2.5/CHANGES.md

Thanks!

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7683cc9603063d01488cfc83b79ca58f6cc1c207

commit 7683cc9603063d01488cfc83b79ca58f6cc1c207
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2022-01-09 15:04:56 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2022-01-09 15:47:59 +0000

media-libs/ilmbase: Drop 2.5.6

Drops ppc/ppc64 to ~arch. IUSE openexr has been stable-masked on ppc64 with commit 152f2066 and remains in use.mask on ppc32 anyway.

Bug: https://bugs.gentoo.org/787452
Bug: https://bugs.gentoo.org/801373
Bug: https://bugs.gentoo.org/810541
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

media-libs/ilmbase/Manifest | 1 -
media-libs/ilmbase/ilmbase-2.5.6.ebuild | 41 ---------------------------------
2 files changed, 42 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=35787c9f4ca8dd500938349db43ecfee3fe44805

commit 35787c9f4ca8dd500938349db43ecfee3fe44805
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2022-01-09 14:55:16 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2022-01-09 15:47:58 +0000

media-libs/openexr: Cleanup vulnerable 2.5.6

Bug: https://bugs.gentoo.org/787452
Bug: https://bugs.gentoo.org/801373
Bug: https://bugs.gentoo.org/810541
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

media-libs/openexr/Manifest | 1 -
media-libs/openexr/openexr-2.5.6.ebuild | 62 ---------------------------------
2 files changed, 63 deletions(-)

GLSA request filed.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=d4c4a128904601416fe6b2663ba5e3ef91394c37

commit d4c4a128904601416fe6b2663ba5e3ef91394c37
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-31 01:28:08 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-31 01:40:17 +0000

[ GLSA 202210-31 ] OpenEXR: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/787452
Bug: https://bugs.gentoo.org/801373
Bug: https://bugs.gentoo.org/810541
Bug: https://bugs.gentoo.org/817431
Bug: https://bugs.gentoo.org/830384
Bug: https://bugs.gentoo.org/838079
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: John Helmert III <ajak@gentoo.org>

glsa-202210-31.xml | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 53 insertions(+)

GLSA released, all done!