Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 623636 - <media-libs/libgphoto2-2.5.14: multiple vulnerabilities in ptp* camlib
Summary: <media-libs/libgphoto2-2.5.14: multiple vulnerabilities in ptp* camlib
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa]
Keywords:
Depends on:
Blocks: CVE-2017-9831, CVE-2017-9832
  Show dependency tree
 
Reported: 2017-07-03 12:23 UTC by Thomas Deutschmann (RETIRED)
Modified: 2018-01-20 19:10 UTC (History)
3 users (show)

See Also:
Package list:
=media-gfx/gphoto2-2.5.14 amd64 =media-libs/libgphoto2-2.5.14 alpha arm hppa ia64 ppc ppc64 x86
Runtime testing required: ---
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann (RETIRED) gentoo-dev 2017-07-03 12:23:28 UTC 
See tracker bug 623634 for details.


@ Maintainer(s): Please bump to >=media-libs/libgphoto2-2.5.14!
Comment 1 Gilles Dartiguelongue (RETIRED) gentoo-dev 2017-08-28 21:15:02 UTC 
commit b36ec58d90c77c8eb616da08b99a169537240b81
Date:   Sun Aug 27 18:30:04 2017 +0200

    media-libs/libgphoto2: security version bump 2.5.12 → 2.5.14, bug #623636
    
    Also fix multiple warnings shown on multilib setup, bug #560432.
    
    Package-Manager: Portage-2.3.8, Repoman-2.3.3
Comment 2 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-09-05 15:34:34 UTC 
@Arches please test and mark stable, CCing HPPA till we have a final resolution in Bug 629554.

Gentoo Security Padawan
ChrisADR
Comment 3 Tobias Klausmann (RETIRED) gentoo-dev 2017-09-15 15:39:51 UTC 
Stable on alpha.
Comment 4 Manuel Rüger (RETIRED) gentoo-dev 2017-09-26 22:47:25 UTC 
amd64 stable
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2017-09-29 23:09:04 UTC 
x86 stable
Comment 6 Sergei Trofimovich (RETIRED) gentoo-dev 2017-09-30 04:52:31 UTC 
ppc stable
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2017-09-30 06:37:42 UTC 
ppc64 stable
Comment 8 Sergei Trofimovich (RETIRED) gentoo-dev 2017-10-25 21:31:56 UTC 
hppa stable
Comment 9 Aaron Bauman (RETIRED) gentoo-dev 2017-10-26 00:27:02 UTC 
@maintainers, please clean the vulnerable versions.
Comment 10 Mart Raudsepp gentoo-dev 2017-10-31 00:54:33 UTC 
I don't see how I can clean this when the bug is about libgphoto2, but security padawan put gphoto2 in package list, and only amd64 stabilized libgphoto2 instead of gphoto2 due to not following the package list via script, but apparently manually via subject.
Comment 11 Thomas Deutschmann (RETIRED) gentoo-dev 2017-10-31 01:04:08 UTC 
Thanks for noticing. I updated the package list (I keep amd64 for unrelated media-gfx/gphoto2 to stay in sync).


@ Arches,

please test and mark stable:

  =media-libs/libgphoto2 alpha arm hppa ia64 ppc ppc64 x86
Comment 12 Stabilization helper bot gentoo-dev 2017-10-31 02:00:39 UTC 
An automated check of this bug failed - the following atom is unknown:

media-libs/libgphoto2

Please verify the atom list.
Comment 13 Sergei Trofimovich (RETIRED) gentoo-dev 2017-11-01 07:26:57 UTC 
ia64 stable
Comment 14 Thomas Deutschmann (RETIRED) gentoo-dev 2017-11-02 21:17:34 UTC 
x86 stable
Comment 15 Tobias Klausmann (RETIRED) gentoo-dev 2017-11-08 12:54:57 UTC 
Stable on alpha.
Comment 16 Sergei Trofimovich (RETIRED) gentoo-dev 2017-11-12 11:36:16 UTC 
ppc64 stable
Comment 17 Sergei Trofimovich (RETIRED) gentoo-dev 2017-11-13 22:39:45 UTC 
ppc stable
Comment 18 Sergei Trofimovich (RETIRED) gentoo-dev 2017-11-19 12:20:52 UTC 
hppa stable
Comment 19 Markus Meier gentoo-dev 2017-11-19 15:08:28 UTC 
arm stable, all arches done.
Comment 20 Aaron Bauman (RETIRED) gentoo-dev 2017-11-19 17:59:01 UTC 
@maintainer(s), please clean the vulnerable versions.
Comment 21 Sergei Trofimovich (RETIRED) gentoo-dev 2017-12-06 22:38:05 UTC 
sparc stable (thanks to Rolf Eike Beer)
Comment 22 Larry the Git Cow gentoo-dev 2018-01-20 18:05:42 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c04cf8e89942a989204ec4f535d5e7ccb98ea991

commit c04cf8e89942a989204ec4f535d5e7ccb98ea991
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2018-01-20 18:04:30 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2018-01-20 18:05:28 +0000

    media-libs/libgphoto2: security cleanup
    
    Bug: https://bugs.gentoo.org/623636
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 media-libs/libgphoto2/Manifest                 |   1 -
 media-libs/libgphoto2/libgphoto2-2.5.12.ebuild | 207 -------------------------
 2 files changed, 208 deletions(-)}
Comment 23 Aaron Bauman (RETIRED) gentoo-dev 2018-01-20 19:10:12 UTC 
Tree is clean.

Thanks, Mart!