1) CVE-2019-14491
Description: "An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service."
URL: https://github.com/opencv/opencv/issues/15125

2) CVE-2019-14492
Description: "An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service."
URL: https://github.com/opencv/opencv/issues/15124

3) CVE-2019-14493
Description: "An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp."
URL: https://github.com/opencv/opencv/issues/15127
CVE-2019-16249 (https://nvd.nist.gov/vuln/detail/CVE-2019-16249):
OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp.

CVE-2019-15939 (https://nvd.nist.gov/vuln/detail/CVE-2019-15939):
An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp.

CVE-2019-14493 (https://nvd.nist.gov/vuln/detail/CVE-2019-14493):
An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp.

CVE-2019-14492 (https://nvd.nist.gov/vuln/detail/CVE-2019-14492):
An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.

CVE-2019-14491 (https://nvd.nist.gov/vuln/detail/CVE-2019-14491):
An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service.
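The five descriptions above each state an affected version range in slightly different words ("before 3.4.7 and 4.x before 4.1.1", "before 4.1.1", or a single version). The following is an added example, not part of this bug or of the OpenCV project, that encodes those ranges exactly as the NVD text reads them and reports which CVEs apply to a given installed version (Gentoo revision suffixes such as -r7 are ignored for the comparison). Where a description only names one version, the check matches that version literally; that is a reading of the text, not a claim that other releases are unaffected.

```python
"""Match an OpenCV version string against the affected ranges stated in the
CVE descriptions of this bug.  Added example; the range encoding below is a
literal reading of the NVD text, not an official OpenCV or Gentoo data set."""
from __future__ import annotations

from typing import Callable, Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn '3.4.1' or '4.1.1-r2' into a comparable tuple of ints.

    The Gentoo revision suffix (-rN) is package metadata, not an upstream
    release, so it is dropped before comparing against upstream ranges.
    """
    core = text.split("-")[0]
    return tuple(int(part) for part in core.split("."))


def _haar_range(v: Version) -> bool:
    # "before 3.4.7 and 4.x before 4.1.1": the 3.x fix landed in 3.4.7, the
    # 4.x fix in 4.1.1, so 3.4.7 and later 3.x releases are fixed while any
    # 4.x release below 4.1.1 is still affected.
    return v < (3, 4, 7) or ((4,) <= v < (4, 1, 1))


# One predicate per CVE, each taken from the corresponding description above.
AFFECTED: Dict[str, Callable[[Version], bool]] = {
    "CVE-2019-14491": _haar_range,                    # cv::predictOrdered OOB read
    "CVE-2019-14492": _haar_range,                    # OptFeature::calc OOB read/write
    "CVE-2019-14493": lambda v: v < (4, 1, 1),        # "before 4.1.1" (literal)
    "CVE-2019-15939": lambda v: v[:3] == (4, 1, 0),   # "in OpenCV 4.1.0" (literal)
    "CVE-2019-16249": lambda v: v[:3] == (4, 1, 1),   # "OpenCV 4.1.1 has" (literal)
}


def affecting(version: str) -> List[str]:
    """Return the sorted list of CVE ids whose stated range covers `version`."""
    parsed = parse_version(version)
    return sorted(cve for cve, applies in AFFECTED.items() if applies(parsed))


if __name__ == "__main__":
    # Constructed sample inputs: the ebuild dropped in this bug and a few
    # neighbouring upstream releases.
    for candidate in ("3.4.1-r7", "3.4.7", "4.1.0", "4.1.1", "4.2.0"):
        print(f"{candidate:10} -> {affecting(candidate) or 'none of the listed CVEs'}")
```

The 3.4.7 result is worth noting: read literally, "before 4.1.1" in CVE-2019-14493 still matches the 3.x branch, so a tool built on these descriptions alone will keep flagging 3.4.7 for that CVE until the range is refined from the upstream fix history.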
@maintainer(s), please advise if ready for stabilisation, or call yourself.
@maintainer(s), is this ready to be stabled?
Soap told me to.
x86 stable
amd64 stable
arm64 stable
----
@maintainer(s), please clean up
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e00c8edae30e54a80c29fabf1ecac66462a5edde

commit e00c8edae30e54a80c29fabf1ecac66462a5edde
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2020-06-25 07:56:35 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-06-25 17:07:43 +0000

    media-libs/opencv: Drop vulnerable 3.4.1-r7

    Bug: https://bugs.gentoo.org/711284
    Bug: https://bugs.gentoo.org/729504
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 media-libs/opencv/Manifest                          |   3 -
 ...opencv-3.3.0-remove-tiny-dnn-autodownload.patch  |  27 --
 .../files/opencv-3.4.1-compilation-C-mode.patch     |  56 ---
 .../files/opencv-3.4.1-fix-build-with-va.patch      |  26 --
 .../opencv/files/opencv-3.4.1-fix-on-x86.patch      |  27 --
 media-libs/opencv/files/opencv-3.4.1-popcnt.patch   |  30 --
 .../opencv-3.4.1-python-lib-suffix-hack.patch       |  13 -
 .../opencv/files/opencv-3.4.1-python37.patch        |  12 -
 .../files/opencv-3.4.1-remove-git-autodetect.patch  |  42 --
 media-libs/opencv/opencv-3.4.1-r7.ebuild            | 501 ---------------------
 10 files changed, 737 deletions(-)
GLSA vote: no

Closing.