| Summary: | <media-libs/libjpeg-turbo-2.1.1: Out of bounds read (CVE-2021-37972) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sam James <sam> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | codec |
| Priority: | Normal | Keywords: | PullRequest |
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| See Also: | https://github.com/gentoo/gentoo/pull/22581 | ||
| Whiteboard: | A3 [glsa+] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 787422, 812851 | ||
| Bug Blocks: | 797424, 814221 | ||
|
Description
Sam James
2021-09-21 18:51:45 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5461f1137c410777343daf6c6f688ab8d5422116 commit 5461f1137c410777343daf6c6f688ab8d5422116 Author: Sam James <sam@gentoo.org> AuthorDate: 2021-09-21 19:25:20 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-09-21 19:25:38 +0000 media-libs/libjpeg-turbo: add patch for arm64 writable sections Bug: https://bugs.gentoo.org/814206 Signed-off-by: Sam James <sam@gentoo.org> .../files/libjpeg-turbo-2.1.1-arm64-relro.patch | 20 ++++++++++++++++++++ ...2.1.1-r1.ebuild => libjpeg-turbo-2.1.1-r2.ebuild} | 5 +++++ 2 files changed, 25 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=64cfcaa52778c853abeb26d16803346a4023f181 commit 64cfcaa52778c853abeb26d16803346a4023f181 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2021-10-14 21:59:28 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2021-10-17 20:36:35 +0000 media-libs/libjpeg-turbo: drop 1.5.3-r4, 2.1.0-r2 Bug: https://bugs.gentoo.org/797424 Bug: https://bugs.gentoo.org/814206 Closes: https://bugs.gentoo.org/787422 Signed-off-by: John Helmert III <ajak@gentoo.org> Closes: https://github.com/gentoo/gentoo/pull/22581 media-libs/libjpeg-turbo/Manifest | 2 - .../files/libjpeg-turbo-1.2.0-x32.patch | 38 ------ .../files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch | 43 ------- .../files/libjpeg-turbo-1.5.3-cve-2018-11813.patch | 45 -------- .../files/libjpeg-turbo-1.5.3-divzero_fix.patch | 18 --- .../libjpeg-turbo/libjpeg-turbo-1.5.3-r4.ebuild | 126 -------------------- .../libjpeg-turbo/libjpeg-turbo-2.1.0-r2.ebuild | 128 --------------------- 7 files changed, 400 deletions(-) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9a1c0376c9e1e22ebfabe4333773d390395d5652 commit 9a1c0376c9e1e22ebfabe4333773d390395d5652 Author: Sam James <sam@gentoo.org> AuthorDate: 2021-11-19 06:28:45 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-11-19 06:29:31 +0000 media-libs/libjpeg-turbo: add 2.1.2 Just tagging the security bug to note that while this release upstream contains the executable sections fix, it was already fixed in Gentoo a while ago. Bug: https://bugs.gentoo.org/814206 Signed-off-by: Sam James <sam@gentoo.org> media-libs/libjpeg-turbo/Manifest | 1 + .../libjpeg-turbo/libjpeg-turbo-2.1.2.ebuild | 128 +++++++++++++++++++++ 2 files changed, 129 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=508b72c9779f4f058551ebb133c5d5f21fd4e654 commit 508b72c9779f4f058551ebb133c5d5f21fd4e654 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-05-07 05:04:06 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-05-07 05:04:24 +0000 [ GLSA 202405-20 ] libjpeg-turbo: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/797424 Bug: https://bugs.gentoo.org/814206 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202405-20.xml | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) |