
Bug 884085 (CVE-2022-43592, CVE-2022-43593, CVE-2022-43594, CVE-2022-43595, CVE-2022-43596, CVE-2022-43597, CVE-2022-43598, CVE-2022-43599, CVE-2022-43602, CVE-2022-43603, TALOS-2022-1651, TALOS-2022-1652, TALOS-2022-1653, TALOS-2022-1654, TALOS-2022-1655, TALOS-2022-1656, TALOS-2022-1657)

Summary: <media-libs/openimageio-2.4.6.0: Multiple vulnerabilities
Product: Gentoo Security
Reporter: Sam James <sam>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: sci
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=888045
Whiteboard: B3 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 889976, 899444    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-12-03 02:00:48 UTC
From 2.4.6.0 release notes:
* BMP: Fix possible write errors, fixes TALOS-2022-1653 / CVE-2022-43594,
  CVE-2022-43595. #3673
* DPX: Fix possible write errors, fixes TALOS-2022-1651 / CVE-2022-43592 and
  TALOS-2022-1652 / CVE-2022-43593. #3672
* IFF: Fix possible write errors, fixes TALOS-2022-1654 / CVE-2022-43596,
  TALOS-2022-1655 / CVE-2022-43597 CVE-2022-43598, TALOS-2022-1656 /
  CVE-2022-43599 CVE-2022-43602  #3676
Comment 1 Larry the Git Cow gentoo-dev 2022-12-03 02:04:43 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=853309096827f74e46681a1398900b316b55e0f9

commit 853309096827f74e46681a1398900b316b55e0f9
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-12-03 02:01:13 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-12-03 02:01:13 +0000

    media-libs/openimageio: add 2.4.6.0
    
    Bug: https://bugs.gentoo.org/884085
    Signed-off-by: Sam James <sam@gentoo.org>

 media-libs/openimageio/Manifest                   |   1 +
 media-libs/openimageio/openimageio-2.4.6.0.ebuild | 184 ++++++++++++++++++++++
 2 files changed, 185 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-28 13:34:42 UTC
Please clean up
Comment 3 Larry the Git Cow gentoo-dev 2023-05-28 13:49:54 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=05bd07f65eacc2ff3ed8f685da11b7e8d2e41b2d

commit 05bd07f65eacc2ff3ed8f685da11b7e8d2e41b2d
Author:     Pacho Ramos <pacho@gentoo.org>
AuthorDate: 2023-05-28 13:45:55 +0000
Commit:     Pacho Ramos <pacho@gentoo.org>
CommitDate: 2023-05-28 13:45:55 +0000

    media-libs/openimageio: drop 2.3.21.0-r1
    
    Bug: https://bugs.gentoo.org/884085
    Signed-off-by: Pacho Ramos <pacho@gentoo.org>

 media-libs/openimageio/Manifest                    |   1 -
 .../openimageio/openimageio-2.3.21.0-r1.ebuild     | 185 ---------------------
 2 files changed, 186 deletions(-)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-29 03:56:28 UTC
Thanks!
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-29 04:19:36 UTC
GLSA request filed.
Comment 6 Larry the Git Cow gentoo-dev 2023-05-30 03:05:40 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=0778ce2129b0cfa807a5d5a2fab9ed1ccc9db6a9

commit 0778ce2129b0cfa807a5d5a2fab9ed1ccc9db6a9
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-30 03:02:13 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-05-30 03:05:03 +0000

    [ GLSA 202305-33 ] OpenImageIO: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/879255
    Bug: https://bugs.gentoo.org/884085
    Bug: https://bugs.gentoo.org/888045
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202305-33.xml | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 85 insertions(+)
Comment 7 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-30 03:07:53 UTC
GLSA released, all done!