Summary: | <media-gfx/openscad-2021.01-r4: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | proxy-maint, waebbl-gentoo |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/gentoo/gentoo/pull/27113 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 867748 | ||
Bug Blocks: |
Description
John Helmert III
Both issues are already addressed in -r4. See the patches ${FILESDIR}/${P}-CVE-2022-0496-Out-of-bounds-memory-access-in-DXF-loa.patch and ${FILESDIR}/${P}-CVE-2022-0497-Out-of-bounds-memory-access-in-comment.patch as well as the git log of the latest commit. I was already thinking about stabilizing -r4, when this bug showed up. Going to open a stabilization request later this day.

Ah, please remember to file security bugs when you notice security fixes! And now that stabilization is done, please cleanup -r3.

Oh no problem. Didn't know it should file a security bug in such cases.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f9ff34202290af6646ebe66f4549ac1117df6755

commit f9ff34202290af6646ebe66f4549ac1117df6755
Author: Bernd Waibel <waebbl-gentoo@posteo.net>
AuthorDate: 2022-09-02 14:21:05 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-09-02 16:49:02 +0000

media-gfx/openscad: drop 2021.01-r3

Bug: https://bugs.gentoo.org/867325
Signed-off-by: Bernd Waibel <waebbl-gentoo@posteo.net>
Closes: https://github.com/gentoo/gentoo/pull/27113
Signed-off-by: Joonas Niilola <juippis@gentoo.org>

media-gfx/openscad/openscad-2021.01-r3.ebuild | 106 --------------------------
1 file changed, 106 deletions(-)

OOB read is not clearly exploitable, no GLSA. All done!