Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 812833

Summary: <media-libs/libexif-0.6.23: Multiple vulnerabilities
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: minor CC: codec, mgorny
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 817923    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-09-12 23:51:07 UTC 
We patched the other issues (CVEs mentioned in the release notes) in bug 754681, but this wasn't in our snapshot:

"some more denial of service (compute time or stack exhaustion) counter-measures
added that avoid minutes of decoding time with malformed files found
by OSS-Fuzz"

from https://github.com/libexif/libexif/releases/tag/v0.6.23.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-16 23:37:12 UTC 
Please cleanup.
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2021-10-17 07:16:45 UTC 
(In reply to John Helmert III from comment #1)
> Please cleanup.

done.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-17 12:39:24 UTC 
(In reply to Michał Górny from comment #2)
> (In reply to John Helmert III from comment #1)
> > Please cleanup.
> 
> done.

Thanks!