CVE-2023-38857 (https://github.com/knik0/faad2/issues/171):

Buffer Overflow vulnerability in faad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c.

Patch: https://github.com/knik0/faad2/commit/b02a9ee5bf071fa92563536c076a69dbec814e7e

CVE-2023-38858 (https://github.com/knik0/faad2/issues/173):

Buffer Overflow vulnerability in faad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039.

Patch: https://github.com/knik0/faad2/commit/c65ae2904192965e7c9fcafe8c1ae5fa0649eea4

Patches in 2.11.0, please stabilize.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=33e43bfd4798dbd26ca5e81e3f2bc6eca183255e

commit 33e43bfd4798dbd26ca5e81e3f2bc6eca183255e
Author:     Miroslav Šulc <fordfrog@gentoo.org>
AuthorDate: 2023-11-29 13:54:59 +0000
Commit:     Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2023-11-29 13:54:59 +0000

    media-libs/faad2: dropped obsolete 2.10.1

    Bug: https://bugs.gentoo.org/918595
    Bug: https://bugs.gentoo.org/918558
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

 media-libs/faad2/Manifest            |  1 -
 media-libs/faad2/faad2-2.10.1.ebuild | 50 ------------------------------------
 media-libs/faad2/metadata.xml        |  3 ---
 3 files changed, 54 deletions(-)

The tree is clean now, you can proceed.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=a1eecf982df504f02f8b23c7cace982c168ea64b

commit a1eecf982df504f02f8b23c7cace982c168ea64b
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-10 11:43:50 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-10 11:44:39 +0000

    [ GLSA 202401-13 ] FAAD2: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/918558
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-13.xml | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)