Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 745165 (CVE-2015-6673) - <media-libs/libpgf-7.19.3: Use-after-free in Decoder.cpp (CVE-2015-6673)
Summary: <media-libs/libpgf-7.19.3: Use-after-free in Decoder.cpp (CVE-2015-6673)
Status: RESOLVED FIXED
Alias: CVE-2015-6673
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-09-28 19:29 UTC by Sam James
Modified: 2021-02-20 19:34 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-09-28 19:29:07 UTC 
Description:
"Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32."
Comment 2 Larry the Git Cow gentoo-dev 2020-10-07 19:05:39 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40d291110ed8c416b4520e2abf0f194d5bab91c9

commit 40d291110ed8c416b4520e2abf0f194d5bab91c9
Author:     Jakov Smolic <jakov.smolic@sartura.hr>
AuthorDate: 2020-09-29 07:36:45 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-10-07 19:01:20 +0000

    media-libs/libpgf: bump to 7.19.3
    
    Bug: https://bugs.gentoo.org/745165
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: Jakov Smolic <jakov.smolic@sartura.hr>
    Closes: https://github.com/gentoo/gentoo/pull/17708
    Signed-off-by: Sam James <sam@gentoo.org>

 media-libs/libpgf/Manifest             |  1 +
 media-libs/libpgf/libpgf-7.19.3.ebuild | 38 ++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+)
Comment 3 Agostino Sarubbo gentoo-dev 2020-10-13 09:29:03 UTC 
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2020-10-13 10:03:01 UTC 
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 5 Larry the Git Cow gentoo-dev 2020-10-13 13:11:58 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cefaa08227c16dfccade431fb8fb89eaa2dade59

commit cefaa08227c16dfccade431fb8fb89eaa2dade59
Author:     Jakov Smolic <jakov.smolic@sartura.hr>
AuthorDate: 2020-10-13 10:05:34 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-10-13 13:11:48 +0000

    media-libs/libpgf: security cleanup
    
    Bug: https://bugs.gentoo.org/745165
    Package-Manager: Portage-3.0.8, Repoman-3.0.1
    Signed-off-by: Jakov Smolic <jakov.smolic@sartura.hr>
    Closes: https://github.com/gentoo/gentoo/pull/17911
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 media-libs/libpgf/Manifest              |  1 -
 media-libs/libpgf/libpgf-6.12.27.ebuild | 40 ---------------------------------
 2 files changed, 41 deletions(-)
Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev 2021-02-20 19:34:32 UTC 
GLSA Vote: No

Repository is clean, all done!