Summary: | <app-arch/advancecomp-2.4: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Michał Górny <mgorny> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | CONFIRMED --- | ||
Severity: | normal | CC: | mgorny |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [glsa?] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 882573 | ||
Bug Blocks: |
Looks like it bundles (unpackaged) libdeflate, app-arch/zopfli, and (unpackaged?) 7zip(?) too. commit a708aa1d3d28054438ca765e456a7b8cf919d4cd Author: Michał Górny <mgorny@gentoo.org> Date: Mon Jan 23 07:59:44 2023 +0100 app-arch/advancecomp: Remove old |
From upstream changelog: > Fix CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017, > CVE-2022-35018, CVE-2022-35019, CVE-2022-35020 > Update libdeflate to 1.14 All of them give very little information, either "segmentation fault" or "heap buffer overflow".