| Summary: | <media-gfx/exiv2-0.28.1: buffer overflow (RCE) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | | |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://github.com/Exiv2/exiv2/security/advisories/GHSA-hrw9-ggg3-3r4r | | |
| Whiteboard: | B1 [glsa+] | | |
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 917669 | | |
| Bug Blocks: | | | |

Description
John Helmert III
2023-11-21 01:18:21 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=58c79ada9b4fed3de90aa55856ca7d3293891a4b

commit 58c79ada9b4fed3de90aa55856ca7d3293891a4b
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2023-11-29 09:37:12 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2023-11-29 09:42:55 +0000

media-gfx/exiv2: Cleanup vulnerable 0.28.0

Bug: https://bugs.gentoo.org/917650
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

media-gfx/exiv2/Manifest | 1 -
media-gfx/exiv2/exiv2-0.28.0.ebuild | 129 ------------------------------------
2 files changed, 130 deletions(-)

This bug still requires cleanup of vulnerable version 0.27.7.

Apologies for the mistake in updating the whiteboard.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=ac054647254eb13d0b84b78ceab28ba69d92c404

commit ac054647254eb13d0b84b78ceab28ba69d92c404
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-12-22 09:22:44 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-12-22 09:23:49 +0000

[ GLSA 202312-06 ] Exiv2: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/785646
Bug: https://bugs.gentoo.org/807346
Bug: https://bugs.gentoo.org/917650
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: Hans de Graaff <graaff@gentoo.org>

glsa-202312-06.xml | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 69 insertions(+)

commit e2502ab68714c7c22176061458ac501ae3545cb0
Author: Andreas Sturmlechner <asturm@gentoo.org>
Date: Mon Feb 19 21:13:41 2024 +0100

media-gfx/exiv2: drop 0.27.7, 0.28.1-r1