
Bug 878757

Summary: <media-libs/exempi-2.6.2: Multiple vulnerabilities
Product: Gentoo Security
Component: Vulnerabilities
Reporter: Sam James <sam>
Assignee: Gentoo Security <security>
Status: IN_PROGRESS
Severity: normal
Priority: Normal
CC: freedesktop-bugs
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: ?? [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 764536, 883901
Bug Blocks:

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-10-29 20:19:37 UTC
+
+2.6.0 - 2022/02/13
+
+[...]
+  - Changes in v2021.08
+    - Security Fixes
+ [...]
+  - Changes in v2021.07
+    - Security Fixes
+ [...]


+2.5.1 - 2019/07/28
+
+- Bug #9: [CVE-2018-12648] Fix null-pointer-dereference in WEBP.
+  https://gitlab.freedesktop.org/libopenraw/exempi/issues/9
+- Bug #12: Invalid WEBP cause a memory overflow.
+  https://gitlab.freedesktop.org/libopenraw/exempi/issues/12
+- Bug #13: Fix a buffer a overflow in ID3 support on invalid MP3.
+  https://gitlab.freedesktop.org/libopenraw/exempi/issues/13
+- Bug #14: Invalid MP3 cause a memory overflow.
+  https://gitlab.freedesktop.org/libopenraw/exempi/issues/14
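Review bot: In the 2.5.1 entries only Bug #9 carries a CVE identifier (CVE-2018-12648); the lines for Bug #12, #13 and #14 describe memory and buffer overflows on invalid WEBP and MP3 input but name no identifier. Suggest adding the assigned CVE to each of those lines, or stating that none was requested, so downstream trackers can match the fixes without opening each issue link. The Bug #13 line also has a stray article ("Fix a buffer a overflow").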
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-10-29 20:20:14 UTC
Sorry, we covered CVE-2018-12648 in bug 659038, but not the others.
Comment 2 Larry the Git Cow gentoo-dev 2023-02-07 20:09:11 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6f492d0793709293271563e8ee7453b0a096187f

commit 6f492d0793709293271563e8ee7453b0a096187f
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2023-02-07 19:54:38 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2023-02-07 20:08:56 +0000

    media-libs/exempi: Cleanup vulnerable 2.4.5-r1
    
    Bug: https://bugs.gentoo.org/878757
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 media-libs/exempi/Manifest                         |  1 -
 media-libs/exempi/exempi-2.4.5-r1.ebuild           | 61 ----------------------
 .../exempi/files/exempi-2.4.5-CVE-2018-12648.patch | 42 ---------------
 media-libs/exempi/files/exempi-2.4.5-gcc11.patch   | 11 ----
 4 files changed, 115 deletions(-)