10:42 p.m.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-d486d13cfd
2023-11-04 03:41:29.345861
--------------------------------------------------------------------------------
Name : stb
Product : Fedora 38
Version : 0^20231011gitbeebb24
Release : 12.fc38
URL : https://github.com/nothings/stb
Summary : Single-file public domain libraries for C/C++
Description :
Single-file public domain libraries for C/C++.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2023-45661 CVE-2023-45662 CVE-2023-45663 CVE-2023-45664
CVE-2023-45666 CVE-2023-45667 CVE-2023-45675 CVE-2023-43281
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 25 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> -
0^20231011gitbeebb24-12
- stb_vorbis: fix GHSL-2023-165 / fix CVE-2023-45675
* Wed Oct 25 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> -
0^20231011gitbeebb24-11
- stb_image: fix GHSL-2023-151 / fix CVE-2023-45667
* Wed Oct 25 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> -
0^20231011gitbeebb24-10
- stb_image: fix GHSL-2023-150 / fix CVE-2023-45666
* Wed Oct 25 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> -
0^20231011gitbeebb24-9
- Document another bug, PR, and name (GHSL-2023-149) for CVE-2023-43898
* Wed Oct 25 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> -
0^20231011gitbeebb24-8
- stb_image: fix GHSL-2023-148 / fix CVE-2023-45664
* Wed Oct 25 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> -
0^20231011gitbeebb24-7
- stb_image: fix GHSL-2023-147 / fix CVE-2023-45663
* Wed Oct 25 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> -
0^20231011gitbeebb24-6
- stb_image: fix GHSL-2023-146 / fix CVE-2023-45662
* Wed Oct 25 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> -
0^20231011gitbeebb24-5
- stb_image: fix GHSL-2023-145 / fix CVE-2023-45661
* Wed Oct 25 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> -
0^20231011gitbeebb24-4
- Document that 1454.patch fixes CVE-2023-43898
* Wed Oct 25 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> -
0^20231011gitbeebb24-3
- Backport a PR fixing undefined behavior in stb_image_resize2
* Wed Oct 25 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> -
0^20231011gitbeebb24-2
- Backport three PR���s fixing undefined behavior in stb_image
* Wed Oct 25 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> -
0^20231011gitbeebb24-1
- Update to 0^beebb24git20231011 (minor C99 fixes)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2246102 - CVE-2023-45661 stb: out of bounds read
https://bugzilla.redhat.com/show_bug.cgi?id=2246102
[ 2 ] Bug #2246103 - CVE-2023-45662 stb: out of bounds read
https://bugzilla.redhat.com/show_bug.cgi?id=2246103
[ 3 ] Bug #2246104 - CVE-2023-45663 stb: memory access violations
https://bugzilla.redhat.com/show_bug.cgi?id=2246104
[ 4 ] Bug #2246105 - CVE-2023-45664 stb: memory access violations
https://bugzilla.redhat.com/show_bug.cgi?id=2246105
[ 5 ] Bug #2246109 - CVE-2023-45666 stb: memory access violation
https://bugzilla.redhat.com/show_bug.cgi?id=2246109
[ 6 ] Bug #2246110 - CVE-2023-45667 stb: memory access violation
https://bugzilla.redhat.com/show_bug.cgi?id=2246110
[ 7 ] Bug #2246320 - CVE-2023-43281 stb: remote denial of service
https://bugzilla.redhat.com/show_bug.cgi?id=2246320
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-d486d13cfd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------