Summary: | <media-libs/dav1d-1.2.0: race condition leading to crash | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | lu_zero |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://code.videolan.org/videolan/dav1d/-/commit/cf617fdae0b9bfabd27282854c8e81450d955efa | ||
Whiteboard: | B3 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 910088 | ||
Bug Blocks: |
Description
John Helmert III
![]() ![]() ![]() ![]() Thank you for the report! I'll wait for https://code.videolan.org/videolan/dav1d/-/issues/426 to be fixed. (In reply to Luca Barbato from comment #2) > I'll wait for https://code.videolan.org/videolan/dav1d/-/issues/426 to be > fixed. Closed with: https://code.videolan.org/videolan/dav1d/-/commit/5c584cb332e585e2527f08a5d596fad59c1f8c9b The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1e355a878b25f04e312e370946575fab5a0a785e commit 1e355a878b25f04e312e370946575fab5a0a785e Author: Sam James <sam@gentoo.org> AuthorDate: 2023-05-31 06:39:04 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-05-31 06:56:27 +0000 media-libs/dav1d: add 1.2.0 Bug: https://bugs.gentoo.org/906107 Signed-off-by: Sam James <sam@gentoo.org> media-libs/dav1d/Manifest | 1 + media-libs/dav1d/dav1d-1.2.0.ebuild | 61 +++++++++++++++++++++++++++++++++++++ media-libs/dav1d/dav1d-9999.ebuild | 12 +++++--- 3 files changed, 69 insertions(+), 5 deletions(-) Ping. Please remove the vulnerable versions. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=a319fb0f66c60cfb986c94c7087b361b4518c8c4 commit a319fb0f66c60cfb986c94c7087b361b4518c8c4 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-10-08 05:41:28 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-10-08 05:42:04 +0000 [ GLSA 202310-05 ] dav1d: Denial of Service Bug: https://bugs.gentoo.org/906107 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202310-05.xml | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a01624a3f5f46c4979ddb9eeb00a4cda2d4752a6 commit a01624a3f5f46c4979ddb9eeb00a4cda2d4752a6 Author: Sam James <sam@gentoo.org> AuthorDate: 2024-03-02 05:01:24 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-03-02 05:01:54 +0000 media-libs/dav1d: drop 0.9.2, 1.0.0 Bug: https://bugs.gentoo.org/906107 Signed-off-by: Sam James <sam@gentoo.org> media-libs/dav1d/Manifest | 2 -- media-libs/dav1d/dav1d-0.9.2.ebuild | 61 ------------------------------------- media-libs/dav1d/dav1d-1.0.0.ebuild | 59 ----------------------------------- 3 files changed, 122 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da588fa1f4a753bbefec48a9f0505c9fc8978695 commit da588fa1f4a753bbefec48a9f0505c9fc8978695 Author: Sam James <sam@gentoo.org> AuthorDate: 2024-03-02 05:00:46 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-03-02 05:01:50 +0000 media-libs/dav1d: drop 1.1.0, 1.2.0 Bug: https://bugs.gentoo.org/906107 Signed-off-by: Sam James <sam@gentoo.org> media-libs/dav1d/Manifest | 2 -- media-libs/dav1d/dav1d-1.1.0.ebuild | 59 ----------------------------------- media-libs/dav1d/dav1d-1.2.0.ebuild | 61 ------------------------------------- 3 files changed, 122 deletions(-) |