Summary: | <media-libs/sdl2-ttf-2.20.0: arbitrary memory write | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | normal | CC: | games |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/libsdl-org/SDL_ttf/issues/187 | ||
Whiteboard: | B2 [glsa?] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 883977 | ||
Bug Blocks: |
Description
John Helmert III
2022-05-09 14:06:36 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2044b967bf51f919535fa3881663618cd00868e6 commit 2044b967bf51f919535fa3881663618cd00868e6 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-07-19 01:00:34 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-07-19 01:07:20 +0000 media-libs/sdl2-ttf: add 2.20.0 Bug: https://bugs.gentoo.org/843434 Signed-off-by: Sam James <sam@gentoo.org> media-libs/sdl2-ttf/Manifest | 1 + media-libs/sdl2-ttf/sdl2-ttf-2.20.0.ebuild | 38 ++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f2e578801e00c0a195b0d6f72cb69368544db75 commit 7f2e578801e00c0a195b0d6f72cb69368544db75 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-11-11 03:48:59 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-11-11 03:48:59 +0000 media-libs/sdl-ttf: add 2.0.11_p20220525 Upstream aren't making releases anymore (since a long time ago!) for the 1.2.x branch but are kindly doing backports, so let's make a snapshot. The vulnerable (CVE-2022-27470) code doesn't seem to be in 1.2.x - and given upstream are quite good about backporting, the absence of any related commits seems to support that. Bug: https://bugs.gentoo.org/843434 Signed-off-by: Sam James <sam@gentoo.org> media-libs/sdl-ttf/Manifest | 1 + media-libs/sdl-ttf/sdl-ttf-2.0.11_p20220525.ebuild | 51 ++++++++++++++++++++++ 2 files changed, 52 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c6b2fec5a705307d1dd93feaf16295c44346c9c4 commit c6b2fec5a705307d1dd93feaf16295c44346c9c4 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-12-16 05:24:27 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-12-16 06:26:12 +0000 media-libs/sdl2-ttf: drop 2.0.15, 2.0.18-r1 Bug: https://bugs.gentoo.org/843434 Signed-off-by: Sam James <sam@gentoo.org> media-libs/sdl2-ttf/Manifest | 2 -- media-libs/sdl2-ttf/sdl2-ttf-2.0.15.ebuild | 39 ----------------------- media-libs/sdl2-ttf/sdl2-ttf-2.0.18-r1.ebuild | 45 --------------------------- 3 files changed, 86 deletions(-) |