| Summary: | <media-video/v4l2loopback-0.12.7: kernel stack memory leak via format string vulnerability | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | quincyf467, titanofold |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://huntr.dev/bounties/1b055da5-7a9e-4409-99d7-030280d242d5 | ||
| Whiteboard: | ~4 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
John Helmert III
2022-08-08 17:32:45 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=032d9f3e8f89b760dc4d179a79128ae0490387b7 commit 032d9f3e8f89b760dc4d179a79128ae0490387b7 Author: Andrew Ammerlaan <andrewammerlaan@gentoo.org> AuthorDate: 2023-06-21 08:25:15 +0000 Commit: Andrew Ammerlaan <andrewammerlaan@gentoo.org> CommitDate: 2023-06-21 08:29:43 +0000 media-video/v4l2loopback: migrate to linux-mod-r1.eclass, EAPI bump This should also fix Bug 843053 (please confirm that it works now) Should also fix the open CVE-2022-2652, the mentioned patch is in this release Bug: https://bugs.gentoo.org/864442 Bug: https://bugs.gentoo.org/843053 Closes: https://bugs.gentoo.org/888649 Closes: https://bugs.gentoo.org/908723 Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org> media-video/v4l2loopback/Manifest | 1 + .../v4l2loopback/v4l2loopback-0.12.7.ebuild | 59 ++++++++++++++++++++++ media-video/v4l2loopback/v4l2loopback-9999.ebuild | 19 +++---- 3 files changed, 70 insertions(+), 9 deletions(-) Thanks! Please stable when ready As far as I can tell this package never had stable versions. Please clean up vulnerable version 0.12.5-r1. Version 0.12.5 was dropped in this commit: https://github.com/gentoo/gentoo/commit/84dfa7a5ba6b4bdeb0a53eb865d44aa437f31e19 This bug can be closed now. |