Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 202354 (CVE-2007-6354) - media-gfx/exiftags < 1.01 Multiple vulnerabilities (CVE-2007-{6354,6355,6356})
Summary: media-gfx/exiftags < 1.01 Multiple vulnerabilities (CVE-2007-{6354,6355,6356})
Status: RESOLVED FIXED
Alias: CVE-2007-6354
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://secunia.com/advisories/28110/
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2007-12-15 00:46 UTC by Robert Buchholz (RETIRED)
Modified: 2008-03-06 09:59 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2007-12-15 00:46:41 UTC
Meder Kydyraliev (Google Security) reported vulnerabilities in exiftags:

CVE-2007-6354 illegal memory access
CVE-2007-6355 integer overflow
CVE-2007-6356 infinite loop

Upstream was informed about these issues, no response I know of yet.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-12-16 13:30:52 UTC
1.01 is out, resolving these issues:
  http://johnst.org/sw/exiftags/exiftags-1.01.tar.gz

Graphics herd, please bump.
Comment 2 Markus Meier gentoo-dev 2007-12-16 14:17:45 UTC
media-gfx/exiftags-1.01 is in cvs.
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2007-12-17 01:42:48 UTC
Markus, thanks for the fast bump.

Arches, please test and mark stable media-gfx/exiftags-1.01.
Target keywords : "amd64 ppc x86"
Comment 4 Christian Faulhammer (RETIRED) gentoo-dev 2007-12-17 07:22:32 UTC
x86 stable
Comment 5 Samuli Suominen gentoo-dev 2007-12-17 16:39:44 UTC
amd64 stable
Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev 2007-12-17 18:52:11 UTC
ppc stable, ready for glsa
Comment 7 Robert Buchholz (RETIRED) gentoo-dev 2007-12-18 01:38:17 UTC
thanks, filed.
Comment 8 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-12-29 14:07:32 UTC
GLSA 200712-17
Comment 9 Peter Volkov (RETIRED) gentoo-dev 2008-03-06 09:59:30 UTC
Does not affect current (2008.0) release. Removing release.