882571 – (CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017, CVE-2022-35018, CVE-2022-35019, CVE-2022-35020) <app-arch/advancecomp-2.4: multiple vulnerabilities

Bug 882571 (CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017, CVE-2022-35018, CVE-2022-35019, CVE-2022-35020) - <app-arch/advancecomp-2.4: multiple vulnerabilities

Summary: <app-arch/advancecomp-2.4: multiple vulnerabilities

Status:	CONFIRMED

Alias:	CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017, CVE-2022-35018, CVE-2022-35019, CVE-2022-35020

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [glsa? cleanup]
Keywords:

Depends on:	882573
Blocks:
	Show dependency tree

Reported:	2022-11-23 05:58 UTC by Michał Górny
Modified:	2022-11-23 08:35 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michał Górny archtester

2022-11-23 05:58:23 UTC

From upstream changelog:

> Fix CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017,
> CVE-2022-35018, CVE-2022-35019, CVE-2022-35020
> Update libdeflate to 1.14

All of them give very little information, either "segmentation fault" or "heap buffer overflow".

Comment 1 Sam James archtester

2022-11-23 06:13:31 UTC

Looks like it bundles (unpackaged) libdeflate, app-arch/zopfli, and (unpackaged?) 7zip(?) too.