Summary: | dev-libs/stb: multiple vulnerabilities | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | CONFIRMED --- | | |
Severity: | normal | CC: | 3dprint, mathy, proxy-maint |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | A1 [ebuild] | | |
Package list: | | Runtime testing required: | --- |

Description
John Helmert III
2023-11-28 01:12:57 UTC
Ah, there are PRs:

CVE-2023-45676: https://github.com/nothings/stb/pull/1554
CVE-2023-45677: https://github.com/nothings/stb/pull/1555
CVE-2023-45678: https://github.com/nothings/stb/pull/1556
CVE-2023-45679: https://github.com/nothings/stb/pull/1557
CVE-2023-45664: https://github.com/nothings/stb/pull/1545
CVE-2023-45666: https://github.com/nothings/stb/pull/1549
CVE-2023-45667: https://github.com/nothings/stb/pull/1551
CVE-2023-45675: https://github.com/nothings/stb/pull/1553
CVE-2023-45680: https://github.com/nothings/stb/pull/1558
CVE-2023-45681: https://github.com/nothings/stb/pull/1559
CVE-2023-45682: https://github.com/nothings/stb/pull/1560
CVE-2023-45661: https://github.com/nothings/stb/pull/1539
CVE-2023-45662: https://github.com/nothings/stb/pull/1541
CVE-2023-45663: https://github.com/nothings/stb/pull/1543

It also seems that there are a variety of other issues that GHSL found which (I guess) weren't necessarily security relevant and didn't get CVEs: https://github.com/nothings/stb/pulls/JarLob

These ones have the potential to be uniquely nasty given that stb's format lends itself very well to downstream bundling/vendoring.

None of these PRs have made it into the 20240201 release.