| Summary: | <media-libs/openexr-3.1.5: oss-fuzz issues | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | media-video, proxy-maint, waebbl-gentoo |
| Priority: | Normal | Keywords: | PullRequest |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.1.5 | | |
| See Also: | https://github.com/gentoo/gentoo/pull/25022 https://github.com/gentoo/gentoo/pull/27522 https://github.com/gentoo/gentoo/pull/29317 | | |
| Whiteboard: | B2 [glsa+] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 878149, 837911, 839582, 877865, 877901, 878173, 878243, 878247 | | |
| Bug Blocks: | 878213 | | |

Description
John Helmert III
2022-04-12 14:02:26 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2cad20e1001813a9869391b4281a435a174a0401

commit 2cad20e1001813a9869391b4281a435a174a0401
Author: Bernd Waibel <waebbl-gentoo@posteo.net>
AuthorDate: 2022-04-14 04:38:58 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-04-19 06:41:31 +0000

    media-libs/openexr: add 3.1.5

    Closes: https://bugs.gentoo.org/837911
    Bug: https://bugs.gentoo.org/838079
    Signed-off-by: Bernd Waibel <waebbl-gentoo@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/25022
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 media-libs/openexr/Manifest | 1 +
 media-libs/openexr/openexr-3.1.5.ebuild | 67 +++++++++++++++++++++++++++++++++
 2 files changed, 68 insertions(+)

Thanks! Please stabilize 3.1.5 when ready

Please cleanup

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e7f15717240e71aad00ea50b1661095658a6390b

commit e7f15717240e71aad00ea50b1661095658a6390b
Author: Bernd Waibel <waebbl-gentoo@posteo.net>
AuthorDate: 2022-09-29 05:21:38 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-09-29 05:52:59 +0000

    media-libs/openexr: drop 3.1.4-r1

    Bug: https://bugs.gentoo.org/838079
    Signed-off-by: Bernd Waibel <waebbl-gentoo@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/27522
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 media-libs/openexr/Manifest | 1 -
 media-libs/openexr/openexr-3.1.4-r1.ebuild | 73 ------------------------------
 2 files changed, 74 deletions(-)

GLSA request filed.

AFAICS the bugs are all related to the OpenEXRCore C engine, which isn't present in the RB-2.5 branch.
Additionally, according to upstream's Security.md file, the issues are not present in the 2.x versions of OpenEXR: https://github.com/AcademySoftwareFoundation/openexr/blob/RB-2.5/SECURITY.md

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=d4c4a128904601416fe6b2663ba5e3ef91394c37

commit d4c4a128904601416fe6b2663ba5e3ef91394c37
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-31 01:28:08 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-31 01:40:17 +0000

    [ GLSA 202210-31 ] OpenEXR: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/787452
    Bug: https://bugs.gentoo.org/801373
    Bug: https://bugs.gentoo.org/810541
    Bug: https://bugs.gentoo.org/817431
    Bug: https://bugs.gentoo.org/830384
    Bug: https://bugs.gentoo.org/838079
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202210-31.xml | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cb815ca5634fd66f398d1e58cfd35a61688114cd

commit cb815ca5634fd66f398d1e58cfd35a61688114cd
Author: Bernd Waibel <waebbl-gentoo@posteo.net>
AuthorDate: 2023-01-28 10:24:52 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2023-01-28 11:26:42 +0000

    media-libs/openexr: drop 2.5.8

    Bug: https://bugs.gentoo.org/817431
    Bug: https://bugs.gentoo.org/830384
    Bug: https://bugs.gentoo.org/838079
    Signed-off-by: Bernd Waibel <waebbl-gentoo@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/29317
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 media-libs/openexr/Manifest | 1 -
 ....2-0001-IlmImfTest-main.cpp-disable-tests.patch | 40 -------------
 ...xr-2.5.7-0002-increase-IlmImfTest-timeout.patch | 13 ----
 media-libs/openexr/openexr-2.5.8.ebuild | 70 ----------------------
 4 files changed, 124 deletions(-)