ALT-BU-2023-8335-1
Branch sisyphus_loongarch64 update bulletin.
Package raptor2 updated to version 2.0.16-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
Modified: 2025-09-05
BDU:2021-03499
Уязвимость компонента raptor_xml_writer_start_element_common библиотеки на Си Raptor, связанная с записью за границами буфера, позволяющая нарушителю нарушить целостность данных или вызвать отказ в обслуживании
Modified: 2024-02-27
BDU:2022-05307
Уязвимость функции raptor_xml_writer_start_element_common библиотеки Raptor, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2017-18926
raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml).
- http://www.openwall.com/lists/oss-security/2020/11/13/1
- http://www.openwall.com/lists/oss-security/2020/11/13/2
- http://www.openwall.com/lists/oss-security/2020/11/14/2
- http://www.openwall.com/lists/oss-security/2020/11/16/2
- http://www.openwall.com/lists/oss-security/2020/11/16/3
- https://github.com/LibreOffice/core/blob/master/external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1
- https://lists.debian.org/debian-lts-announce/2020/11/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RD67AVORGQXORPWNYYUHCH6YPPT6CI4O/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVHFYQDMVEBICIL4DBAGRRLPUR4QYWMV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDZRNM45VPTQF2BKRWG4YRCHJGQ2L7NS/
- https://www.debian.org/security/2020/dsa-4785
- https://www.openwall.com/lists/oss-security/2017/06/07/1
- http://www.openwall.com/lists/oss-security/2020/11/13/1
- http://www.openwall.com/lists/oss-security/2020/11/13/2
- http://www.openwall.com/lists/oss-security/2020/11/14/2
- http://www.openwall.com/lists/oss-security/2020/11/16/2
- http://www.openwall.com/lists/oss-security/2020/11/16/3
- https://github.com/LibreOffice/core/blob/master/external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1
- https://lists.debian.org/debian-lts-announce/2020/11/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RD67AVORGQXORPWNYYUHCH6YPPT6CI4O/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVHFYQDMVEBICIL4DBAGRRLPUR4QYWMV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDZRNM45VPTQF2BKRWG4YRCHJGQ2L7NS/
- https://www.debian.org/security/2020/dsa-4785
- https://www.openwall.com/lists/oss-security/2017/06/07/1
Modified: 2024-11-21
CVE-2020-25713
A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common.
- http://www.openwall.com/lists/oss-security/2020/11/16/1
- https://bugs.librdf.org/mantis/view.php?id=650
- https://bugzilla.redhat.com/show_bug.cgi?id=1900685
- https://lists.debian.org/debian-lts-announce/2021/12/msg00009.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27EQ2JCVMKG3EYTBYO4642P773I2NYUV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SUIND56AOKEHHBE4OYV57M73LLOLJRLV/
- http://www.openwall.com/lists/oss-security/2020/11/16/1
- https://bugs.librdf.org/mantis/view.php?id=650
- https://bugzilla.redhat.com/show_bug.cgi?id=1900685
- https://lists.debian.org/debian-lts-announce/2021/12/msg00009.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27EQ2JCVMKG3EYTBYO4642P773I2NYUV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SUIND56AOKEHHBE4OYV57M73LLOLJRLV/
Closed bugs
FTBFS с 16 декабря
Package libde265 updated to version 1.0.15-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-49465
Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function at motion.cc.
Modified: 2024-11-21
CVE-2023-49467
Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at motion.cc.
Modified: 2024-11-21
CVE-2023-49468
Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc.
Package libheif updated to version 1.17.6-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2023-49460
libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image.
Modified: 2024-11-21
CVE-2023-49462
libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc.
Modified: 2024-11-21
CVE-2023-49463
libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc.
Modified: 2024-11-21
CVE-2023-49464
libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci.