Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 882571 (CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017, CVE-2022-35018, CVE-2022-35019, CVE-2022-35020) - <app-arch/advancecomp-2.4: multiple vulnerabilities
Summary: <app-arch/advancecomp-2.4: multiple vulnerabilities
Status: CONFIRMED
Alias: CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017, CVE-2022-35018, CVE-2022-35019, CVE-2022-35020
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa?]
Keywords:
Depends on: 882573
Blocks:
  Show dependency tree
 
Reported: 2022-11-23 05:58 UTC by Michał Górny
Modified: 2023-10-02 12:22 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2022-11-23 05:58:23 UTC
From upstream changelog:

> Fix CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017,
> CVE-2022-35018, CVE-2022-35019, CVE-2022-35020
> Update libdeflate to 1.14

All of them give very little information, either "segmentation fault" or "heap buffer overflow".
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-11-23 06:13:31 UTC
Looks like it bundles (unpackaged) libdeflate, app-arch/zopfli, and (unpackaged?) 7zip(?) too.
Comment 2 Hans de Graaff gentoo-dev Security 2023-10-02 12:22:24 UTC
commit a708aa1d3d28054438ca765e456a7b8cf919d4cd
Author: Michał Górny <mgorny@gentoo.org>
Date:   Mon Jan 23 07:59:44 2023 +0100

    app-arch/advancecomp: Remove old