Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 914987 (CVE-2023-44488) - <media-libs/libvpx-1.13.1: mishandles widths, leading to a crash related to encoding
Summary: <media-libs/libvpx-1.13.1: mishandles widths, leading to a crash related to e...
Status: RESOLVED FIXED
Alias: CVE-2023-44488
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://github.com/advisories/GHSA-wc...
Whiteboard: B3 [glsa+]
Keywords:
Depends on: 914990
Blocks:
  Show dependency tree
 
Reported: 2023-10-01 01:36 UTC by Sam James
Modified: 2023-12-22 01:49 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Larry the Git Cow gentoo-dev 2023-10-01 02:26:25 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2b21c8fb2d6e89435ebd84e9835c34257b7588b2

commit 2b21c8fb2d6e89435ebd84e9835c34257b7588b2
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-10-01 01:55:11 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-10-01 01:55:11 +0000

    media-libs/libvpx: add 1.13.1
    
    Bug: https://bugs.gentoo.org/914987
    Signed-off-by: Sam James <sam@gentoo.org>

 media-libs/libvpx/Manifest             |   2 +
 media-libs/libvpx/libvpx-1.13.1.ebuild | 141 +++++++++++++++++++++++++++++++++
 2 files changed, 143 insertions(+)
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-10-04 08:14:27 UTC 
GLSA request filed.
Comment 3 Larry the Git Cow gentoo-dev 2023-10-04 10:49:58 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=78441d962cbe20f36c819692b8c5ea5befbaf0be

commit 78441d962cbe20f36c819692b8c5ea5befbaf0be
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-10-04 10:49:17 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-10-04 10:49:54 +0000

    [ GLSA 202310-04 ] libvpx: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/914875
    Bug: https://bugs.gentoo.org/914987
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202310-04.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
Comment 4 Larry the Git Cow gentoo-dev 2023-12-22 01:27:33 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c9ecf0bde49f27177c9f1b979293b01378809309

commit c9ecf0bde49f27177c9f1b979293b01378809309
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2023-12-22 01:26:51 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-12-22 01:27:22 +0000

    media-libs/libvpx: drop 1.12.0-r1, 1.13.0, 1.13.0-r1
    
    Bug: https://bugs.gentoo.org/914987
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 media-libs/libvpx/Manifest                |   4 -
 media-libs/libvpx/libvpx-1.12.0-r1.ebuild | 142 -----------------------------
 media-libs/libvpx/libvpx-1.13.0-r1.ebuild | 145 ------------------------------
 media-libs/libvpx/libvpx-1.13.0.ebuild    | 141 -----------------------------
 4 files changed, 432 deletions(-)