| Summary: | <media-libs/openimageio-2.3.21.0: Multiple vulnerabilities | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sam James <sam> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | sci |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=888045 | ||
| Whiteboard: | B2 [glsa+] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 884081 | ||
| Bug Blocks: | |||
|
Description
Sam James
2022-11-03 05:56:30 UTC
More in 2.4.5.0 release notes (not stabled) at https://github.com/OpenImageIO/oiio/releases/tag/v2.4.5.0: BMP: protect against corrupt pixel coordinates. (TALOS-2022-1630, CVE-2022-38143) #3620 DDS: Fix crashes for cubemap files when a cube face was not present, and check for invalid bits per pixel. (TALOS-2022-1634, CVE-2022-41838) (TALOS-2022-1635, CVE-2022-41999) #3625 PSD: protect against corrupted embedded thumbnails. (TALOS-2022-1626, CVE-2022-41794) #3629 RLA: fix potential buffer overrun. (TALOS-2022-1629, CVE-2022-36354) #3624 Targa: string overflow safety. (TALOS-2022-1628, CVE-2022-4198) #3622 TIFF/JPEG/PSD: Fix EXIF bugs where corrupted exif blocks could overrun memory. (TALOS-2022-1626, CVE-2022-41794) (TALOS-2022-1632, CVE-2022-41684) #3627 TIFF: guard against corrupt files with buffer overflows. (TALOS-2022-1627, CVE-2022-41977) #3628 TIFF: guard against buffer overflow for certain CMYK files. (TALOS-2022-1633, CVE-2022-41639) (TALOS-2022-1643, CVE-2022-41988) #3632 The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=562288f90e0387b90f08154c3c97944f4926b5c5 commit 562288f90e0387b90f08154c3c97944f4926b5c5 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-11-03 06:04:46 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-11-03 06:14:04 +0000 media-libs/openimageio: add 2.4.5.0 Bug: https://bugs.gentoo.org/879255 Signed-off-by: Sam James <sam@gentoo.org> media-libs/openimageio/Manifest | 1 + media-libs/openimageio/openimageio-2.4.5.0.ebuild | 184 ++++++++++++++++++++++ 2 files changed, 185 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ee9117ca3be6fc2121deb2961e31abc2a752c3c5 commit ee9117ca3be6fc2121deb2961e31abc2a752c3c5 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-11-03 05:57:52 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-11-03 06:14:04 +0000 media-libs/openimageio: add 2.3.21.0 Bug: https://bugs.gentoo.org/879255 Signed-off-by: Sam James <sam@gentoo.org> media-libs/openimageio/Manifest | 1 + media-libs/openimageio/openimageio-2.3.21.0.ebuild | 185 +++++++++++++++++++++ 2 files changed, 186 insertions(+) Please cleanup GLSA request filed. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=0778ce2129b0cfa807a5d5a2fab9ed1ccc9db6a9 commit 0778ce2129b0cfa807a5d5a2fab9ed1ccc9db6a9 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-05-30 03:02:13 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2023-05-30 03:05:03 +0000 [ GLSA 202305-33 ] OpenImageIO: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/879255 Bug: https://bugs.gentoo.org/884085 Bug: https://bugs.gentoo.org/888045 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202305-33.xml | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) GLSA released, all done! |