ALT-BU-2023-8335-1
Branch sisyphus_loongarch64 update bulletin.
Package raptor2 updated to version 2.0.16-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
BDU:2021-03499
Уязвимость компонента raptor_xml_writer_start_element_common библиотеки на Си Raptor, связанная с записью за границами буфера, позволяющая нарушителю нарушить целостность данных или вызвать отказ в обслуживании
BDU:2022-05307
Уязвимость функции raptor_xml_writer_start_element_common библиотеки Raptor, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2017-18926
raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml).
- [oss-security] 20201113 Buffer Overflow in raptor widely unfixed in Linux distros
- [oss-security] 20201113 Buffer Overflow in raptor widely unfixed in Linux distros
- [oss-security] 20201113 Re: Buffer Overflow in raptor widely unfixed in Linux distros
- [oss-security] 20201113 Re: Buffer Overflow in raptor widely unfixed in Linux distros
- [oss-security] 20201114 Re: Buffer Overflow in raptor widely unfixed in Linux distros
- [oss-security] 20201114 Re: Buffer Overflow in raptor widely unfixed in Linux distros
- [oss-security] 20201116 Re: Buffer Overflow in raptor widely unfixed in Linux distros
- [oss-security] 20201116 Re: Buffer Overflow in raptor widely unfixed in Linux distros
- [oss-security] 20201116 Re: Buffer Overflow in raptor widely unfixed in Linux distros
- [oss-security] 20201116 Re: Buffer Overflow in raptor widely unfixed in Linux distros
- https://github.com/LibreOffice/core/blob/master/external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1
- https://github.com/LibreOffice/core/blob/master/external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1
- [debian-lts-announce] 20201107 [SECURITY] [DLA 2438-1] raptor2 security update
- [debian-lts-announce] 20201107 [SECURITY] [DLA 2438-1] raptor2 security update
- FEDORA-2020-b15dd44972
- FEDORA-2020-b15dd44972
- FEDORA-2020-d6675a61f1
- FEDORA-2020-d6675a61f1
- FEDORA-2020-3c1e69f1b1
- FEDORA-2020-3c1e69f1b1
- DSA-4785
- DSA-4785
- https://www.openwall.com/lists/oss-security/2017/06/07/1
- https://www.openwall.com/lists/oss-security/2017/06/07/1
Modified: 2024-11-21
CVE-2020-25713
A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common.
- [oss-security] 20201116 Re: Buffer Overflow in raptor widely unfixed in Linux distros
- [oss-security] 20201116 Re: Buffer Overflow in raptor widely unfixed in Linux distros
- https://bugs.librdf.org/mantis/view.php?id=650
- https://bugs.librdf.org/mantis/view.php?id=650
- https://bugzilla.redhat.com/show_bug.cgi?id=1900685
- https://bugzilla.redhat.com/show_bug.cgi?id=1900685
- [debian-lts-announce] 20211214 [SECURITY] [DLA 2846-1] raptor2 security update
- [debian-lts-announce] 20211214 [SECURITY] [DLA 2846-1] raptor2 security update
- FEDORA-2021-8fe81dcf9f
- FEDORA-2021-8fe81dcf9f
- FEDORA-2021-5752e07eb6
- FEDORA-2021-5752e07eb6
Closed bugs
FTBFS с 16 декабря
Package libde265 updated to version 1.0.15-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-49465
Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function at motion.cc.
Modified: 2024-11-21
CVE-2023-49467
Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at motion.cc.
Modified: 2024-11-21
CVE-2023-49468
Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc.
Package libheif updated to version 1.17.6-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-49460
libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image.
Modified: 2024-11-21
CVE-2023-49462
libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc.
Modified: 2024-11-21
CVE-2023-49463
libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc.
Modified: 2024-11-21
CVE-2023-49464
libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci.