Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 906520

Summary: media-libs/libmp4v2-2.1.3: please stabilize
Product: Gentoo Linux Reporter: Miroslav Šulc <fordfrog>
Component: StabilizationAssignee: Gentoo Sound Team <sound>
Status: RESOLVED FIXED    
Severity: normal Keywords: CC-ARCHES, SECURITY, STABLEREQ
Priority: Normal Flags: nattka: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
media-libs/libmp4v2-2.1.3
 Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 905092    

Description Miroslav Šulc gentoo-dev 2023-05-16 05:44:14 UTC 
stabilizing 2.1.3 rather that 2.1.2 because the older version contains some vulnerabilities. it's not clear to me though whether all the vulnerabilities are solved in this version.

commit e2665d7cdcb08c96a1a31bea6b3d9eaf5e1bd333
Author: Miroslav Šulc <fordfrog@gentoo.org>
Date:   Fri May 12 09:27:33 2023 +0200

    media-libs/libmp4v2: bump to 2.1.3
    
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-05-16 06:09:57 UTC 
x86 done
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-05-16 06:09:58 UTC 
amd64 done
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-05-16 06:27:42 UTC 
sparc done
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-05-16 06:27:43 UTC 
arm done
Comment 5 Arthur Zamarin archtester Gentoo Infrastructure gentoo-dev Security 2023-05-16 17:04:42 UTC 
ppc done
Comment 6 Arthur Zamarin archtester Gentoo Infrastructure gentoo-dev Security 2023-05-16 18:03:09 UTC 
ppc64 done

all arches done
Comment 7 Larry the Git Cow gentoo-dev 2023-05-17 07:13:13 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2a2cffd6ad3268b681c1c6978162cee9353c19c

commit d2a2cffd6ad3268b681c1c6978162cee9353c19c
Author:     Miroslav Šulc <fordfrog@gentoo.org>
AuthorDate: 2023-05-17 07:12:56 +0000
Commit:     Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2023-05-17 07:12:56 +0000

    media-libs/libmp4v2: dropped obsolete and vulnerable 2.0.0-r2 & 2.1.2
    
    Bug: https://bugs.gentoo.org/906520
    Bug: https://bugs.gentoo.org/905092
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

 media-libs/libmp4v2/Manifest                       |  2 -
 .../files/libmp4v2-2.0.0-CVE-2018-14054.patch      | 35 -------------
 .../files/libmp4v2-2.0.0-CVE-2018-14325.patch      | 60 ----------------------
 .../files/libmp4v2-2.0.0-CVE-2018-14379.patch      | 33 ------------
 .../files/libmp4v2-2.0.0-CVE-2018-14403.patch      | 28 ----------
 .../libmp4v2/files/libmp4v2-2.0.0-clang.patch      | 36 -------------
 .../libmp4v2/files/libmp4v2-2.0.0-gcc7.patch       | 18 -------
 .../files/libmp4v2-2.0.0-mp4tags-corruption.patch  | 20 --------
 media-libs/libmp4v2/libmp4v2-2.0.0-r2.ebuild       | 53 -------------------
 media-libs/libmp4v2/libmp4v2-2.1.2.ebuild          | 32 ------------
 10 files changed, 317 deletions(-)