Multiple apparent security fixes reported in the changelogs for mediainfo (https://github.com/MediaArea/MediaInfo/releases/tag/v21.03) and libmediainfo (https://github.com/MediaArea/MediaInfoLib/releases/tag/v21.03) 21.03:

FFV1: fix crash with some bitstreams parsing
TIFF: fix division by 0
RF64: fix the WAV malformed chunk size test

Several apparent security fixes in the commit log of libmediainfo since last version too:

21bcafaa Fix floating point exception in File_La::FileHeader_Parse (SF#1151)
91461395 Fix floating point exception when parsing mpeg4 files (SF#1131)
b451751b Fix integer overflow in File_AvsV::user_data_start (SF#1155)
4b2a64ca Fix integer overflow in File_Ogg::Data_Parse (SF#1143)
2fb5e46e Fix floating point exception in File_Pcm::Header_Parse (SF#1133)
859f778c Fix global buffer overflow in File_Dpx::GenericSectionHeader_Dpx (SF#1140)
7bab1c3a Fix heap overflow File_Gxf::ChooseParser_ChannelGrouping (SF#1154)

Unsure if exploitable further than a DoS.
Package list is empty or all packages have requested keywords.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=036af3bb0a04b78b809465f596d23bd96351068a

commit 036af3bb0a04b78b809465f596d23bd96351068a
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-01-02 06:15:14 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-01-02 06:16:06 +0000

media-video/mediainfo: add 21.09

Bug: https://bugs.gentoo.org/778992
Closes: https://bugs.gentoo.org/794925
Signed-off-by: Sam James <sam@gentoo.org>

media-video/mediainfo/Manifest | 1 +
media-video/mediainfo/mediainfo-21.09.ebuild | 86 ++++++++++++++++++++++++++++
2 files changed, 87 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9e24798c7cb22306b5c806bd3eb444047c891af5

commit 9e24798c7cb22306b5c806bd3eb444047c891af5
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-01-02 06:03:03 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-01-02 06:15:51 +0000

media-libs/libmediainfo: add 21.09

Bug: https://bugs.gentoo.org/778992
Closes: https://bugs.gentoo.org/794925
Signed-off-by: Sam James <sam@gentoo.org>

media-libs/libmediainfo/Manifest | 1 +
.../files/libmediainfo-21.09-link-fix.patch | 29 +++++++
media-libs/libmediainfo/libmediainfo-21.09.ebuild | 88 ++++++++++++++++++++++
3 files changed, 118 insertions(+)
Looks like stabilization happened in bug 833738, need cleanup.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0daf4322261c4c91494bf192c9173ea54c08c891

commit 0daf4322261c4c91494bf192c9173ea54c08c891
Author: John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-08-16 21:19:45 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-16 21:20:21 +0000

media-libs/libmediainfo: drop 20.09-r1

Bug: https://bugs.gentoo.org/778992
Signed-off-by: John Helmert III <ajak@gentoo.org>

media-libs/libmediainfo/Manifest | 1 -
.../files/libmediainfo-20.09-pkgconfig.patch | 10 ---
.../libmediainfo/libmediainfo-20.09-r1.ebuild | 88 ----------------------
3 files changed, 99 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ee603b147399d045f2f7c55fe1e16a83fcb78d1

commit 7ee603b147399d045f2f7c55fe1e16a83fcb78d1
Author: John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-08-16 21:18:34 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-16 21:18:34 +0000

media-video/mediainfo: drop 20.09, 20.09-r1

Bug: https://bugs.gentoo.org/778992
Signed-off-by: John Helmert III <ajak@gentoo.org>

media-video/mediainfo/Manifest | 1 -
media-video/mediainfo/mediainfo-20.09-r1.ebuild | 82 -------------------------
media-video/mediainfo/mediainfo-20.09.ebuild | 81 ------------------------
3 files changed, 164 deletions(-)
The affected versions are long gone from the tree. Can this bug close?
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=3f0835df81643a2316838781489d1870a408b6c9

commit 3f0835df81643a2316838781489d1870a408b6c9
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-05-04 09:27:38 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-05-04 09:28:09 +0000

[ GLSA 202405-09 ] MediaInfo, MediaInfoLib: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/778992
Bug: https://bugs.gentoo.org/836564
Bug: https://bugs.gentoo.org/875374
Bug: https://bugs.gentoo.org/917612
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: Hans de Graaff <graaff@gentoo.org>

glsa-202405-09.xml | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 55 insertions(+)