Summary: | [Tracker] Drop (possibly-)unnecessary use of unsafe media-libs/giflib where exposed to untrusted input | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Sam James <sam> |
Component: | Current packages | Assignee: | No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it <maintainer-needed> |
Status: | CONFIRMED --- | ||
Severity: | normal | Keywords: | Tracker |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=785664 https://bugs.gentoo.org/show_bug.cgi?id=851945 https://bugs.gentoo.org/show_bug.cgi?id=918539 |
||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 933161, 933162, 933164, 933165, 933166, 933167, 933160 | ||
Bug Blocks: |
Description
Sam James
![]() ![]() ![]() ![]() NRK raises a fair point at https://bugs.gentoo.org/933166#c2 -- the reported vulnerabilities are in giflib's utilities. As I write there, I'm suspicious about how robust giflib is, but maybe I panicked a bit. I still think we should reduce unnecessary use though. |