
Bug 882571 (CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017, CVE-2022-35018, CVE-2022-35019, CVE-2022-35020)

Summary: <app-arch/advancecomp-2.4: multiple vulnerabilities
Product: Gentoo Security Reporter: Michał Górny <mgorny>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: normal CC: mgorny
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 882573    
Bug Blocks:    

Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2022-11-23 05:58:23 UTC
From upstream changelog:

> Fix CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017,
> CVE-2022-35018, CVE-2022-35019, CVE-2022-35020
> Update libdeflate to 1.14

All of them give very little information, either "segmentation fault" or "heap buffer overflow".
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-11-23 06:13:31 UTC
Looks like it bundles (unpackaged) libdeflate, app-arch/zopfli, and (unpackaged?) 7zip(?) too.
Comment 2 Hans de Graaff gentoo-dev Security 2023-10-02 12:22:24 UTC
commit a708aa1d3d28054438ca765e456a7b8cf919d4cd
Author: Michał Górny <mgorny@gentoo.org>
Date:   Mon Jan 23 07:59:44 2023 +0100

    app-arch/advancecomp: Remove old