865525 – (CVE-2022-2832, CVE-2022-2833) media-gfx/blender: multiple vulnerabilities

Bug 865525 (CVE-2022-2832, CVE-2022-2833) - media-gfx/blender: multiple vulnerabilities

Summary: media-gfx/blender: multiple vulnerabilities

Status:	CONFIRMED

Alias:	CVE-2022-2832, CVE-2022-2833

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [upstream]
Keywords:

Depends on:
Blocks:

Reported:	2022-08-17 17:57 UTC by John Helmert III
Modified:	2022-08-17 17:57 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2022-08-17 17:57:44 UTC

CVE-2022-2832 (https://developer.blender.org/T99706):
https://developer.blender.org/D15463
https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c

When rendering with headless builds, show an error instead of crashing. Previously GPU_backend_init was called indirectly from DRW_opengl_context_create, a new function is now called from the window manager (GPU_backend_init_once), so it's possible to check if the GPU has a back-end. This also disables the bgl Python module when building WITH_HEADLESS.

CVE-2022-2833 (https://developer.blender.org/rB24a2b5cb1292f769dd86e314471443976d5e9512):
https://developer.blender.org/T99711

Endless Infinite loop in Blender-thumnailing due to logical bugs.

Looks like a fix for the second issue made it into 3.2.2.