CVE-2020-12268 (https://nvd.nist.gov/vuln/detail/CVE-2020-12268):

jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.

----

Note that 0.18 seems available on git but not mentioned on the site yet.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3c8aa035785724e5c7dad46b35c25500d4c7135a

commit 3c8aa035785724e5c7dad46b35c25500d4c7135a
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-07-19 18:28:15 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-07-19 18:28:16 +0000

    media-libs/jbig2dec: security bump to 0.18

    Bump to 0.18, but while we're here, add support for newer Pythons
    at build time. We include two additional upstream patches
    post-release which look security-relevant.

    Bug: https://bugs.gentoo.org/719730
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: Sam James <sam@gentoo.org>

 media-libs/jbig2dec/Manifest | 1 +
 .../jbig2dec-0.18-extra-overflow-checks.patch | 51 +++++++++++++++
 .../files/jbig2dec-0.18-overflow-IAID.patch | 36 +++++++++++
 media-libs/jbig2dec/jbig2dec-0.18.ebuild | 73 ++++++++++++++++++++++
 4 files changed, 161 insertions(+)
arm stable
arm64 stable
x86 stable
ppc64 stable
ppc stable
amd64 stable
sparc stabled by slyfox in https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3169245977a987a67079eb01010a1e1f3b99e738 on 22nd
s390 stable
hppa: ping
GLSA vote: no
hppa stable
Please cleanup.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=af1c2da6c3e7711f6cc2a1c985d23d93d73bbe0f

commit af1c2da6c3e7711f6cc2a1c985d23d93d73bbe0f
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-07-29 19:49:05 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-07-29 23:11:45 +0000

    media-libs/jbig2dec: security cleanup

    Bug: https://bugs.gentoo.org/719730
    Package-Manager: Portage-3.0.1, Repoman-2.3.23
    Signed-off-by: Sam James <sam@gentoo.org>

 media-libs/jbig2dec/Manifest | 2 -
 .../files/jbig2dec-0.17-fix-test_jbig2dec.py.patch | 39 -------------
 media-libs/jbig2dec/jbig2dec-0.14.ebuild | 44 --------------
 media-libs/jbig2dec/jbig2dec-0.17-r1.ebuild | 68 ----------------------
 4 files changed, 153 deletions(-)