Gentoo 2508 Published by

The following security updates are available for Gentoo Linux;

[ GLSA 202408-23 ] GnuPG: Multiple Vulnerabilities
[ GLSA 202408-22 ] Bundler: Multiple Vulnerabilities
[ GLSA 202408-21 ] GPAC: Multiple Vulnerabilities
[ GLSA 202408-20 ] libde265: Multiple Vulnerabilities




[ GLSA 202408-23 ] GnuPG: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202408-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: GnuPG: Multiple Vulnerabilities
Date: August 10, 2024
Bugs: #855395, #923248
ID: 202408-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in GnuPG, the worst of
which could lead to signature spoofing.

Background
==========

The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of
cryptographic software.

Affected packages
=================

Package Vulnerable Unaffected
--------------- ------------ ------------
app-crypt/gnupg < 2.4.4 >= 2.4.4

Description
===========

Multiple vulnerabilities have been discovered in GnuPG. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GnuPG users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/gnupg-2.4.4"

References
==========

[ 1 ] CVE-2022-34903
https://nvd.nist.gov/vuln/detail/CVE-2022-34903

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202408-23

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202408-22 ] Bundler: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202408-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Bundler: Multiple Vulnerabilities
Date: August 10, 2024
Bugs: #743214, #798135, #828884
ID: 202408-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Bundler, the worst of
which could lead to arbitrary code execution.

Background
==========

Bundler provides a consistent environment for Ruby projects by tracking
and installing the exact gems and versions that are needed.

Affected packages
=================

Package Vulnerable Unaffected
---------------- ------------ ------------
dev-ruby/bundler < 2.2.33 >= 2.2.33

Description
===========

Multiple vulnerabilities have been discovered in Bundler. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Bundler users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-ruby/bundler-2.2.33"

References
==========

[ 1 ] CVE-2019-3881
https://nvd.nist.gov/vuln/detail/CVE-2019-3881
[ 2 ] CVE-2020-36327
https://nvd.nist.gov/vuln/detail/CVE-2020-36327
[ 3 ] CVE-2021-43809
https://nvd.nist.gov/vuln/detail/CVE-2021-43809

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202408-22

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202408-21 ] GPAC: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202408-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: GPAC: Multiple Vulnerabilities
Date: August 10, 2024
Bugs: #785649, #835341
ID: 202408-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in GPAC, the worst of
which could lead to arbitrary code execution.

Background
==========

GPAC is an implementation of the MPEG-4 Systems standard developed from
scratch in ANSI C.

Affected packages
=================

Package Vulnerable Unaffected
---------------- ------------ ------------
media-video/gpac < 2.2.0 >= 2.2.0

Description
===========

Multiple vulnerabilities have been discovered in GPAC. Please review the
CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GPAC users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/gpac-2.2.0"

References
==========

[ 1 ] CVE-2020-22673
https://nvd.nist.gov/vuln/detail/CVE-2020-22673
[ 2 ] CVE-2020-22674
https://nvd.nist.gov/vuln/detail/CVE-2020-22674
[ 3 ] CVE-2020-22675
https://nvd.nist.gov/vuln/detail/CVE-2020-22675
[ 4 ] CVE-2020-22677
https://nvd.nist.gov/vuln/detail/CVE-2020-22677
[ 5 ] CVE-2020-22678
https://nvd.nist.gov/vuln/detail/CVE-2020-22678
[ 6 ] CVE-2020-22679
https://nvd.nist.gov/vuln/detail/CVE-2020-22679
[ 7 ] CVE-2020-25427
https://nvd.nist.gov/vuln/detail/CVE-2020-25427
[ 8 ] CVE-2020-35979
https://nvd.nist.gov/vuln/detail/CVE-2020-35979
[ 9 ] CVE-2020-35980
https://nvd.nist.gov/vuln/detail/CVE-2020-35980
[ 10 ] CVE-2020-35981
https://nvd.nist.gov/vuln/detail/CVE-2020-35981
[ 11 ] CVE-2020-35982
https://nvd.nist.gov/vuln/detail/CVE-2020-35982
[ 12 ] CVE-2021-4043
https://nvd.nist.gov/vuln/detail/CVE-2021-4043
[ 13 ] CVE-2021-21834
https://nvd.nist.gov/vuln/detail/CVE-2021-21834
[ 14 ] CVE-2021-21835
https://nvd.nist.gov/vuln/detail/CVE-2021-21835
[ 15 ] CVE-2021-21836
https://nvd.nist.gov/vuln/detail/CVE-2021-21836
[ 16 ] CVE-2021-21837
https://nvd.nist.gov/vuln/detail/CVE-2021-21837
[ 17 ] CVE-2021-21838
https://nvd.nist.gov/vuln/detail/CVE-2021-21838
[ 18 ] CVE-2021-21839
https://nvd.nist.gov/vuln/detail/CVE-2021-21839
[ 19 ] CVE-2021-21840
https://nvd.nist.gov/vuln/detail/CVE-2021-21840
[ 20 ] CVE-2021-21841
https://nvd.nist.gov/vuln/detail/CVE-2021-21841
[ 21 ] CVE-2021-21842
https://nvd.nist.gov/vuln/detail/CVE-2021-21842
[ 22 ] CVE-2021-21843
https://nvd.nist.gov/vuln/detail/CVE-2021-21843
[ 23 ] CVE-2021-21844
https://nvd.nist.gov/vuln/detail/CVE-2021-21844
[ 24 ] CVE-2021-21845
https://nvd.nist.gov/vuln/detail/CVE-2021-21845
[ 25 ] CVE-2021-21846
https://nvd.nist.gov/vuln/detail/CVE-2021-21846
[ 26 ] CVE-2021-21847
https://nvd.nist.gov/vuln/detail/CVE-2021-21847
[ 27 ] CVE-2021-21848
https://nvd.nist.gov/vuln/detail/CVE-2021-21848
[ 28 ] CVE-2021-21849
https://nvd.nist.gov/vuln/detail/CVE-2021-21849
[ 29 ] CVE-2021-21850
https://nvd.nist.gov/vuln/detail/CVE-2021-21850
[ 30 ] CVE-2021-21851
https://nvd.nist.gov/vuln/detail/CVE-2021-21851
[ 31 ] CVE-2021-21852
https://nvd.nist.gov/vuln/detail/CVE-2021-21852
[ 32 ] CVE-2021-21853
https://nvd.nist.gov/vuln/detail/CVE-2021-21853
[ 33 ] CVE-2021-21854
https://nvd.nist.gov/vuln/detail/CVE-2021-21854
[ 34 ] CVE-2021-21855
https://nvd.nist.gov/vuln/detail/CVE-2021-21855
[ 35 ] CVE-2021-21856
https://nvd.nist.gov/vuln/detail/CVE-2021-21856
[ 36 ] CVE-2021-21857
https://nvd.nist.gov/vuln/detail/CVE-2021-21857
[ 37 ] CVE-2021-21858
https://nvd.nist.gov/vuln/detail/CVE-2021-21858
[ 38 ] CVE-2021-21859
https://nvd.nist.gov/vuln/detail/CVE-2021-21859
[ 39 ] CVE-2021-21860
https://nvd.nist.gov/vuln/detail/CVE-2021-21860
[ 40 ] CVE-2021-21861
https://nvd.nist.gov/vuln/detail/CVE-2021-21861
[ 41 ] CVE-2021-21862
https://nvd.nist.gov/vuln/detail/CVE-2021-21862
[ 42 ] CVE-2021-30014
https://nvd.nist.gov/vuln/detail/CVE-2021-30014
[ 43 ] CVE-2021-30015
https://nvd.nist.gov/vuln/detail/CVE-2021-30015
[ 44 ] CVE-2021-30019
https://nvd.nist.gov/vuln/detail/CVE-2021-30019
[ 45 ] CVE-2021-30020
https://nvd.nist.gov/vuln/detail/CVE-2021-30020
[ 46 ] CVE-2021-30022
https://nvd.nist.gov/vuln/detail/CVE-2021-30022
[ 47 ] CVE-2021-30199
https://nvd.nist.gov/vuln/detail/CVE-2021-30199
[ 48 ] CVE-2021-31254
https://nvd.nist.gov/vuln/detail/CVE-2021-31254
[ 49 ] CVE-2021-31255
https://nvd.nist.gov/vuln/detail/CVE-2021-31255
[ 50 ] CVE-2021-31256
https://nvd.nist.gov/vuln/detail/CVE-2021-31256
[ 51 ] CVE-2021-31257
https://nvd.nist.gov/vuln/detail/CVE-2021-31257
[ 52 ] CVE-2021-31258
https://nvd.nist.gov/vuln/detail/CVE-2021-31258
[ 53 ] CVE-2021-31259
https://nvd.nist.gov/vuln/detail/CVE-2021-31259
[ 54 ] CVE-2021-31260
https://nvd.nist.gov/vuln/detail/CVE-2021-31260
[ 55 ] CVE-2021-31261
https://nvd.nist.gov/vuln/detail/CVE-2021-31261
[ 56 ] CVE-2021-31262
https://nvd.nist.gov/vuln/detail/CVE-2021-31262
[ 57 ] CVE-2021-32132
https://nvd.nist.gov/vuln/detail/CVE-2021-32132
[ 58 ] CVE-2021-32134
https://nvd.nist.gov/vuln/detail/CVE-2021-32134
[ 59 ] CVE-2021-32135
https://nvd.nist.gov/vuln/detail/CVE-2021-32135
[ 60 ] CVE-2021-32136
https://nvd.nist.gov/vuln/detail/CVE-2021-32136
[ 61 ] CVE-2021-32137
https://nvd.nist.gov/vuln/detail/CVE-2021-32137
[ 62 ] CVE-2021-32138
https://nvd.nist.gov/vuln/detail/CVE-2021-32138
[ 63 ] CVE-2021-32139
https://nvd.nist.gov/vuln/detail/CVE-2021-32139
[ 64 ] CVE-2021-32437
https://nvd.nist.gov/vuln/detail/CVE-2021-32437
[ 65 ] CVE-2021-32438
https://nvd.nist.gov/vuln/detail/CVE-2021-32438
[ 66 ] CVE-2021-32439
https://nvd.nist.gov/vuln/detail/CVE-2021-32439
[ 67 ] CVE-2021-32440
https://nvd.nist.gov/vuln/detail/CVE-2021-32440
[ 68 ] CVE-2021-33361
https://nvd.nist.gov/vuln/detail/CVE-2021-33361
[ 69 ] CVE-2021-33362
https://nvd.nist.gov/vuln/detail/CVE-2021-33362
[ 70 ] CVE-2021-33363
https://nvd.nist.gov/vuln/detail/CVE-2021-33363
[ 71 ] CVE-2021-33364
https://nvd.nist.gov/vuln/detail/CVE-2021-33364
[ 72 ] CVE-2021-33365
https://nvd.nist.gov/vuln/detail/CVE-2021-33365
[ 73 ] CVE-2021-33366
https://nvd.nist.gov/vuln/detail/CVE-2021-33366
[ 74 ] CVE-2021-36412
https://nvd.nist.gov/vuln/detail/CVE-2021-36412
[ 75 ] CVE-2021-36414
https://nvd.nist.gov/vuln/detail/CVE-2021-36414
[ 76 ] CVE-2021-36417
https://nvd.nist.gov/vuln/detail/CVE-2021-36417
[ 77 ] CVE-2021-36584
https://nvd.nist.gov/vuln/detail/CVE-2021-36584
[ 78 ] CVE-2021-40559
https://nvd.nist.gov/vuln/detail/CVE-2021-40559
[ 79 ] CVE-2021-40562
https://nvd.nist.gov/vuln/detail/CVE-2021-40562
[ 80 ] CVE-2021-40563
https://nvd.nist.gov/vuln/detail/CVE-2021-40563
[ 81 ] CVE-2021-40564
https://nvd.nist.gov/vuln/detail/CVE-2021-40564
[ 82 ] CVE-2021-40565
https://nvd.nist.gov/vuln/detail/CVE-2021-40565
[ 83 ] CVE-2021-40566
https://nvd.nist.gov/vuln/detail/CVE-2021-40566
[ 84 ] CVE-2021-40567
https://nvd.nist.gov/vuln/detail/CVE-2021-40567
[ 85 ] CVE-2021-40568
https://nvd.nist.gov/vuln/detail/CVE-2021-40568
[ 86 ] CVE-2021-40569
https://nvd.nist.gov/vuln/detail/CVE-2021-40569
[ 87 ] CVE-2021-40570
https://nvd.nist.gov/vuln/detail/CVE-2021-40570
[ 88 ] CVE-2021-40571
https://nvd.nist.gov/vuln/detail/CVE-2021-40571
[ 89 ] CVE-2021-40572
https://nvd.nist.gov/vuln/detail/CVE-2021-40572
[ 90 ] CVE-2021-40573
https://nvd.nist.gov/vuln/detail/CVE-2021-40573
[ 91 ] CVE-2021-40574
https://nvd.nist.gov/vuln/detail/CVE-2021-40574
[ 92 ] CVE-2021-40575
https://nvd.nist.gov/vuln/detail/CVE-2021-40575
[ 93 ] CVE-2021-40576
https://nvd.nist.gov/vuln/detail/CVE-2021-40576
[ 94 ] CVE-2021-40592
https://nvd.nist.gov/vuln/detail/CVE-2021-40592
[ 95 ] CVE-2021-40606
https://nvd.nist.gov/vuln/detail/CVE-2021-40606
[ 96 ] CVE-2021-40607
https://nvd.nist.gov/vuln/detail/CVE-2021-40607
[ 97 ] CVE-2021-40608
https://nvd.nist.gov/vuln/detail/CVE-2021-40608
[ 98 ] CVE-2021-40609
https://nvd.nist.gov/vuln/detail/CVE-2021-40609
[ 99 ] CVE-2021-40942
https://nvd.nist.gov/vuln/detail/CVE-2021-40942
[ 100 ] CVE-2021-40944
https://nvd.nist.gov/vuln/detail/CVE-2021-40944
[ 101 ] CVE-2021-41456
https://nvd.nist.gov/vuln/detail/CVE-2021-41456
[ 102 ] CVE-2021-41457
https://nvd.nist.gov/vuln/detail/CVE-2021-41457
[ 103 ] CVE-2021-41458
https://nvd.nist.gov/vuln/detail/CVE-2021-41458
[ 104 ] CVE-2021-41459
https://nvd.nist.gov/vuln/detail/CVE-2021-41459
[ 105 ] CVE-2021-44918
https://nvd.nist.gov/vuln/detail/CVE-2021-44918
[ 106 ] CVE-2021-44919
https://nvd.nist.gov/vuln/detail/CVE-2021-44919
[ 107 ] CVE-2021-44920
https://nvd.nist.gov/vuln/detail/CVE-2021-44920
[ 108 ] CVE-2021-44921
https://nvd.nist.gov/vuln/detail/CVE-2021-44921
[ 109 ] CVE-2021-44922
https://nvd.nist.gov/vuln/detail/CVE-2021-44922
[ 110 ] CVE-2021-44923
https://nvd.nist.gov/vuln/detail/CVE-2021-44923
[ 111 ] CVE-2021-44924
https://nvd.nist.gov/vuln/detail/CVE-2021-44924
[ 112 ] CVE-2021-44925
https://nvd.nist.gov/vuln/detail/CVE-2021-44925
[ 113 ] CVE-2021-44926
https://nvd.nist.gov/vuln/detail/CVE-2021-44926
[ 114 ] CVE-2021-44927
https://nvd.nist.gov/vuln/detail/CVE-2021-44927
[ 115 ] CVE-2021-45258
https://nvd.nist.gov/vuln/detail/CVE-2021-45258
[ 116 ] CVE-2021-45259
https://nvd.nist.gov/vuln/detail/CVE-2021-45259
[ 117 ] CVE-2021-45260
https://nvd.nist.gov/vuln/detail/CVE-2021-45260
[ 118 ] CVE-2021-45262
https://nvd.nist.gov/vuln/detail/CVE-2021-45262
[ 119 ] CVE-2021-45263
https://nvd.nist.gov/vuln/detail/CVE-2021-45263
[ 120 ] CVE-2021-45266
https://nvd.nist.gov/vuln/detail/CVE-2021-45266
[ 121 ] CVE-2021-45267
https://nvd.nist.gov/vuln/detail/CVE-2021-45267
[ 122 ] CVE-2021-45288
https://nvd.nist.gov/vuln/detail/CVE-2021-45288
[ 123 ] CVE-2021-45289
https://nvd.nist.gov/vuln/detail/CVE-2021-45289
[ 124 ] CVE-2021-45291
https://nvd.nist.gov/vuln/detail/CVE-2021-45291
[ 125 ] CVE-2021-45292
https://nvd.nist.gov/vuln/detail/CVE-2021-45292
[ 126 ] CVE-2021-45297
https://nvd.nist.gov/vuln/detail/CVE-2021-45297
[ 127 ] CVE-2021-45760
https://nvd.nist.gov/vuln/detail/CVE-2021-45760
[ 128 ] CVE-2021-45762
https://nvd.nist.gov/vuln/detail/CVE-2021-45762
[ 129 ] CVE-2021-45763
https://nvd.nist.gov/vuln/detail/CVE-2021-45763
[ 130 ] CVE-2021-45764
https://nvd.nist.gov/vuln/detail/CVE-2021-45764
[ 131 ] CVE-2021-45767
https://nvd.nist.gov/vuln/detail/CVE-2021-45767
[ 132 ] CVE-2021-45831
https://nvd.nist.gov/vuln/detail/CVE-2021-45831
[ 133 ] CVE-2021-46038
https://nvd.nist.gov/vuln/detail/CVE-2021-46038
[ 134 ] CVE-2021-46039
https://nvd.nist.gov/vuln/detail/CVE-2021-46039
[ 135 ] CVE-2021-46040
https://nvd.nist.gov/vuln/detail/CVE-2021-46040
[ 136 ] CVE-2021-46041
https://nvd.nist.gov/vuln/detail/CVE-2021-46041
[ 137 ] CVE-2021-46042
https://nvd.nist.gov/vuln/detail/CVE-2021-46042
[ 138 ] CVE-2021-46043
https://nvd.nist.gov/vuln/detail/CVE-2021-46043
[ 139 ] CVE-2021-46044
https://nvd.nist.gov/vuln/detail/CVE-2021-46044
[ 140 ] CVE-2021-46045
https://nvd.nist.gov/vuln/detail/CVE-2021-46045
[ 141 ] CVE-2021-46046
https://nvd.nist.gov/vuln/detail/CVE-2021-46046
[ 142 ] CVE-2021-46047
https://nvd.nist.gov/vuln/detail/CVE-2021-46047
[ 143 ] CVE-2021-46049
https://nvd.nist.gov/vuln/detail/CVE-2021-46049
[ 144 ] CVE-2021-46051
https://nvd.nist.gov/vuln/detail/CVE-2021-46051
[ 145 ] CVE-2021-46234
https://nvd.nist.gov/vuln/detail/CVE-2021-46234
[ 146 ] CVE-2021-46236
https://nvd.nist.gov/vuln/detail/CVE-2021-46236
[ 147 ] CVE-2021-46237
https://nvd.nist.gov/vuln/detail/CVE-2021-46237
[ 148 ] CVE-2021-46238
https://nvd.nist.gov/vuln/detail/CVE-2021-46238
[ 149 ] CVE-2021-46239
https://nvd.nist.gov/vuln/detail/CVE-2021-46239
[ 150 ] CVE-2021-46240
https://nvd.nist.gov/vuln/detail/CVE-2021-46240
[ 151 ] CVE-2021-46311
https://nvd.nist.gov/vuln/detail/CVE-2021-46311
[ 152 ] CVE-2021-46313
https://nvd.nist.gov/vuln/detail/CVE-2021-46313
[ 153 ] CVE-2022-1035
https://nvd.nist.gov/vuln/detail/CVE-2022-1035
[ 154 ] CVE-2022-1172
https://nvd.nist.gov/vuln/detail/CVE-2022-1172
[ 155 ] CVE-2022-1222
https://nvd.nist.gov/vuln/detail/CVE-2022-1222
[ 156 ] CVE-2022-1441
https://nvd.nist.gov/vuln/detail/CVE-2022-1441
[ 157 ] CVE-2022-1795
https://nvd.nist.gov/vuln/detail/CVE-2022-1795
[ 158 ] CVE-2022-2453
https://nvd.nist.gov/vuln/detail/CVE-2022-2453
[ 159 ] CVE-2022-2454
https://nvd.nist.gov/vuln/detail/CVE-2022-2454
[ 160 ] CVE-2022-2549
https://nvd.nist.gov/vuln/detail/CVE-2022-2549
[ 161 ] CVE-2022-3178
https://nvd.nist.gov/vuln/detail/CVE-2022-3178
[ 162 ] CVE-2022-3222
https://nvd.nist.gov/vuln/detail/CVE-2022-3222
[ 163 ] CVE-2022-3957
https://nvd.nist.gov/vuln/detail/CVE-2022-3957
[ 164 ] CVE-2022-4202
https://nvd.nist.gov/vuln/detail/CVE-2022-4202
[ 165 ] CVE-2022-24249
https://nvd.nist.gov/vuln/detail/CVE-2022-24249
[ 166 ] CVE-2022-24574
https://nvd.nist.gov/vuln/detail/CVE-2022-24574
[ 167 ] CVE-2022-24575
https://nvd.nist.gov/vuln/detail/CVE-2022-24575
[ 168 ] CVE-2022-24576
https://nvd.nist.gov/vuln/detail/CVE-2022-24576
[ 169 ] CVE-2022-24577
https://nvd.nist.gov/vuln/detail/CVE-2022-24577
[ 170 ] CVE-2022-24578
https://nvd.nist.gov/vuln/detail/CVE-2022-24578
[ 171 ] CVE-2022-26967
https://nvd.nist.gov/vuln/detail/CVE-2022-26967
[ 172 ] CVE-2022-27145
https://nvd.nist.gov/vuln/detail/CVE-2022-27145
[ 173 ] CVE-2022-27146
https://nvd.nist.gov/vuln/detail/CVE-2022-27146
[ 174 ] CVE-2022-27147
https://nvd.nist.gov/vuln/detail/CVE-2022-27147
[ 175 ] CVE-2022-27148
https://nvd.nist.gov/vuln/detail/CVE-2022-27148
[ 176 ] CVE-2022-29339
https://nvd.nist.gov/vuln/detail/CVE-2022-29339
[ 177 ] CVE-2022-29340
https://nvd.nist.gov/vuln/detail/CVE-2022-29340
[ 178 ] CVE-2022-29537
https://nvd.nist.gov/vuln/detail/CVE-2022-29537
[ 179 ] CVE-2022-30976
https://nvd.nist.gov/vuln/detail/CVE-2022-30976
[ 180 ] CVE-2022-36186
https://nvd.nist.gov/vuln/detail/CVE-2022-36186
[ 181 ] CVE-2022-36190
https://nvd.nist.gov/vuln/detail/CVE-2022-36190
[ 182 ] CVE-2022-36191
https://nvd.nist.gov/vuln/detail/CVE-2022-36191
[ 183 ] CVE-2022-38530
https://nvd.nist.gov/vuln/detail/CVE-2022-38530
[ 184 ] CVE-2022-43039
https://nvd.nist.gov/vuln/detail/CVE-2022-43039
[ 185 ] CVE-2022-43040
https://nvd.nist.gov/vuln/detail/CVE-2022-43040
[ 186 ] CVE-2022-43042
https://nvd.nist.gov/vuln/detail/CVE-2022-43042
[ 187 ] CVE-2022-43043
https://nvd.nist.gov/vuln/detail/CVE-2022-43043
[ 188 ] CVE-2022-43044
https://nvd.nist.gov/vuln/detail/CVE-2022-43044
[ 189 ] CVE-2022-43045
https://nvd.nist.gov/vuln/detail/CVE-2022-43045
[ 190 ] CVE-2022-43254
https://nvd.nist.gov/vuln/detail/CVE-2022-43254
[ 191 ] CVE-2022-43255
https://nvd.nist.gov/vuln/detail/CVE-2022-43255
[ 192 ] CVE-2022-45202
https://nvd.nist.gov/vuln/detail/CVE-2022-45202
[ 193 ] CVE-2022-45204
https://nvd.nist.gov/vuln/detail/CVE-2022-45204
[ 194 ] CVE-2022-45283
https://nvd.nist.gov/vuln/detail/CVE-2022-45283
[ 195 ] CVE-2022-45343
https://nvd.nist.gov/vuln/detail/CVE-2022-45343
[ 196 ] CVE-2022-46489
https://nvd.nist.gov/vuln/detail/CVE-2022-46489
[ 197 ] CVE-2022-46490
https://nvd.nist.gov/vuln/detail/CVE-2022-46490
[ 198 ] CVE-2022-47086
https://nvd.nist.gov/vuln/detail/CVE-2022-47086
[ 199 ] CVE-2022-47087
https://nvd.nist.gov/vuln/detail/CVE-2022-47087
[ 200 ] CVE-2022-47088
https://nvd.nist.gov/vuln/detail/CVE-2022-47088
[ 201 ] CVE-2022-47089
https://nvd.nist.gov/vuln/detail/CVE-2022-47089
[ 202 ] CVE-2022-47091
https://nvd.nist.gov/vuln/detail/CVE-2022-47091
[ 203 ] CVE-2022-47092
https://nvd.nist.gov/vuln/detail/CVE-2022-47092
[ 204 ] CVE-2022-47093
https://nvd.nist.gov/vuln/detail/CVE-2022-47093
[ 205 ] CVE-2022-47094
https://nvd.nist.gov/vuln/detail/CVE-2022-47094
[ 206 ] CVE-2022-47095
https://nvd.nist.gov/vuln/detail/CVE-2022-47095
[ 207 ] CVE-2022-47653
https://nvd.nist.gov/vuln/detail/CVE-2022-47653
[ 208 ] CVE-2022-47654
https://nvd.nist.gov/vuln/detail/CVE-2022-47654
[ 209 ] CVE-2022-47656
https://nvd.nist.gov/vuln/detail/CVE-2022-47656
[ 210 ] CVE-2022-47657
https://nvd.nist.gov/vuln/detail/CVE-2022-47657
[ 211 ] CVE-2022-47658
https://nvd.nist.gov/vuln/detail/CVE-2022-47658
[ 212 ] CVE-2022-47659
https://nvd.nist.gov/vuln/detail/CVE-2022-47659
[ 213 ] CVE-2022-47660
https://nvd.nist.gov/vuln/detail/CVE-2022-47660
[ 214 ] CVE-2022-47661
https://nvd.nist.gov/vuln/detail/CVE-2022-47661
[ 215 ] CVE-2022-47662
https://nvd.nist.gov/vuln/detail/CVE-2022-47662
[ 216 ] CVE-2022-47663
https://nvd.nist.gov/vuln/detail/CVE-2022-47663

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202408-21

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5



[ GLSA 202408-20 ] libde265: Multiple Vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202408-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: libde265: Multiple Vulnerabilities
Date: August 10, 2024
Bugs: #813486, #889876
ID: 202408-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in libde265, the worst of
which could lead to arbitrary code execution.

Background
==========

Open h.265 video codec implementation.

Affected packages
=================

Package Vulnerable Unaffected
------------------- ------------ ------------
media-libs/libde265 < 1.0.11 >= 1.0.11

Description
===========

Multiple vulnerabilities have been discovered in libde265. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libde265 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libde265-1.0.11"

References
==========

[ 1 ] CVE-2020-21594
https://nvd.nist.gov/vuln/detail/CVE-2020-21594
[ 2 ] CVE-2020-21595
https://nvd.nist.gov/vuln/detail/CVE-2020-21595
[ 3 ] CVE-2020-21596
https://nvd.nist.gov/vuln/detail/CVE-2020-21596
[ 4 ] CVE-2020-21597
https://nvd.nist.gov/vuln/detail/CVE-2020-21597
[ 5 ] CVE-2020-21598
https://nvd.nist.gov/vuln/detail/CVE-2020-21598
[ 6 ] CVE-2020-21599
https://nvd.nist.gov/vuln/detail/CVE-2020-21599
[ 7 ] CVE-2020-21600
https://nvd.nist.gov/vuln/detail/CVE-2020-21600
[ 8 ] CVE-2020-21601
https://nvd.nist.gov/vuln/detail/CVE-2020-21601
[ 9 ] CVE-2020-21602
https://nvd.nist.gov/vuln/detail/CVE-2020-21602
[ 10 ] CVE-2020-21603
https://nvd.nist.gov/vuln/detail/CVE-2020-21603
[ 11 ] CVE-2020-21604
https://nvd.nist.gov/vuln/detail/CVE-2020-21604
[ 12 ] CVE-2020-21605
https://nvd.nist.gov/vuln/detail/CVE-2020-21605
[ 13 ] CVE-2020-21606
https://nvd.nist.gov/vuln/detail/CVE-2020-21606
[ 14 ] CVE-2021-35452
https://nvd.nist.gov/vuln/detail/CVE-2021-35452
[ 15 ] CVE-2021-36408
https://nvd.nist.gov/vuln/detail/CVE-2021-36408
[ 16 ] CVE-2021-36409
https://nvd.nist.gov/vuln/detail/CVE-2021-36409
[ 17 ] CVE-2021-36410
https://nvd.nist.gov/vuln/detail/CVE-2021-36410
[ 18 ] CVE-2021-36411
https://nvd.nist.gov/vuln/detail/CVE-2021-36411
[ 19 ] CVE-2022-1253
https://nvd.nist.gov/vuln/detail/CVE-2022-1253
[ 20 ] CVE-2022-43235
https://nvd.nist.gov/vuln/detail/CVE-2022-43235
[ 21 ] CVE-2022-43236
https://nvd.nist.gov/vuln/detail/CVE-2022-43236
[ 22 ] CVE-2022-43237
https://nvd.nist.gov/vuln/detail/CVE-2022-43237
[ 23 ] CVE-2022-43238
https://nvd.nist.gov/vuln/detail/CVE-2022-43238
[ 24 ] CVE-2022-43239
https://nvd.nist.gov/vuln/detail/CVE-2022-43239
[ 25 ] CVE-2022-43240
https://nvd.nist.gov/vuln/detail/CVE-2022-43240
[ 26 ] CVE-2022-43241
https://nvd.nist.gov/vuln/detail/CVE-2022-43241
[ 27 ] CVE-2022-43242
https://nvd.nist.gov/vuln/detail/CVE-2022-43242
[ 28 ] CVE-2022-43243
https://nvd.nist.gov/vuln/detail/CVE-2022-43243
[ 29 ] CVE-2022-43244
https://nvd.nist.gov/vuln/detail/CVE-2022-43244
[ 30 ] CVE-2022-43245
https://nvd.nist.gov/vuln/detail/CVE-2022-43245
[ 31 ] CVE-2022-43248
https://nvd.nist.gov/vuln/detail/CVE-2022-43248
[ 32 ] CVE-2022-43249
https://nvd.nist.gov/vuln/detail/CVE-2022-43249
[ 33 ] CVE-2022-43250
https://nvd.nist.gov/vuln/detail/CVE-2022-43250
[ 34 ] CVE-2022-43252
https://nvd.nist.gov/vuln/detail/CVE-2022-43252
[ 35 ] CVE-2022-43253
https://nvd.nist.gov/vuln/detail/CVE-2022-43253
[ 36 ] CVE-2022-47655
https://nvd.nist.gov/vuln/detail/CVE-2022-47655
[ 37 ] CVE-2022-47664
https://nvd.nist.gov/vuln/detail/CVE-2022-47664
[ 38 ] CVE-2022-47665
https://nvd.nist.gov/vuln/detail/CVE-2022-47665
[ 39 ] CVE-2023-24751
https://nvd.nist.gov/vuln/detail/CVE-2023-24751
[ 40 ] CVE-2023-24752
https://nvd.nist.gov/vuln/detail/CVE-2023-24752
[ 41 ] CVE-2023-24754
https://nvd.nist.gov/vuln/detail/CVE-2023-24754
[ 42 ] CVE-2023-24755
https://nvd.nist.gov/vuln/detail/CVE-2023-24755
[ 43 ] CVE-2023-24756
https://nvd.nist.gov/vuln/detail/CVE-2023-24756
[ 44 ] CVE-2023-24757
https://nvd.nist.gov/vuln/detail/CVE-2023-24757
[ 45 ] CVE-2023-24758
https://nvd.nist.gov/vuln/detail/CVE-2023-24758
[ 46 ] CVE-2023-25221
https://nvd.nist.gov/vuln/detail/CVE-2023-25221

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202408-20

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5