Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 891209 (CVE-2022-44617, CVE-2022-46285, CVE-2022-4883)

Summary: <x11-libs/libXpm-3.5.16: multiple vulnerabilities
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: maracay
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.openwall.com/lists/oss-security/2023/01/17/2
Whiteboard: A3 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 907616    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-17 17:18:58 UTC
"1) CVE-2022-46285: Infinite loop on unclosed comments
2) CVE-2022-44617: Runaway loop on width of 0 and enormous height
3) CVE-2022-4883: compression commands depend on $PATH"

Please bump to 3.5.15.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-02-05 16:46:19 UTC
ping. I did take a look at this but couldn't do it myself as was unsure what to do wrt new config options.
Comment 2 Larry the Git Cow gentoo-dev 2023-04-17 20:35:00 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=414462335909ac1cdfa276058238304228c7b129

commit 414462335909ac1cdfa276058238304228c7b129
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2023-04-17 20:33:54 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2023-04-17 20:34:56 +0000

    x11-libs/libXpm: Version bump to 3.5.16
    
    Bug: https://bugs.gentoo.org/891209
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 x11-libs/libXpm/Manifest             |  1 +
 x11-libs/libXpm/libXpm-3.5.16.ebuild | 41 ++++++++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+)
Comment 3 Matt Turner gentoo-dev 2024-01-18 18:13:53 UTC
commit 08bafdc67f518b3159d0ae291d6a8bfe29f95213
Author: Matt Turner <mattst88@gentoo.org>
Date:   Mon Jun 5 11:30:22 2023 -0400

    x11-libs/libXpm: Drop old versions
Comment 4 Larry the Git Cow gentoo-dev 2024-08-07 05:22:27 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=d249388c2be16bdcae27a37364e00167f2e41221

commit d249388c2be16bdcae27a37364e00167f2e41221
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-08-07 05:22:06 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-08-07 05:22:24 +0000

    [ GLSA 202408-03 ] libXpm: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/891209
    Bug: https://bugs.gentoo.org/915130
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202408-03.xml | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)