CVE-2022-3970

Advisory

Gvsbuild 2022.6.0 includes a fix for CVE-2022-3970, an integer overflow critical vulnerability affecting a C dependency (Libtiff).
https://github.com/wingtk/gvsbuild/pull/744/commits/652f23e9ef52bac8eb9bfad179f8b68ee90be08b

Affected package

Affected versions

Fixed versions

Vulnerability changelog

Changes

- Resolve linker out of memory errors with core limits danyeaw (759)
- Turn off Rich markup on log output danyeaw (757)
- Fix libxml2 missing meson.build error danyeaw (756)
- Update cmake to version 3.25.1 danyeaw (754)
- Update go to version 1.19.1 danyeaw (755)
- build(deps): bump lastversion from 2.4.7 to 2.4.8 (760)
- Update freerdp to version 2.9.0 danyeaw (753)
- Update nuget to version 6.4.0 danyeaw (752)
- Update GTK3 to version 3.24.35 danyeaw (751)
- Build GTK3 and GTK4 in Parallel danyeaw (745)
- Update cairo to 1.17.6, convert to meson danyeaw (749)
- Update meson to version 0.64.1 danyeaw (750)
- Update pycairo to version 1.23.0 danyeaw (746)
- Update pixman to version 0.42.2 danyeaw (748)
- Update pango to version 1.50.12 danyeaw (747)
- Move outdated command package versions to each tool saste (743)
- libtiff: add patch to fix cve 2022-3970 nacho (744)
- Update pkgconf to version 1.9.3 saste (742)
- Update gtk-pixbuf to version 2.42.10 danyeaw (740)
- libsoup2 and SQLite updates, other bugfixes danyeaw (741)
- Update cmake to version 3.25.0 danyeaw (739)
- Update pycairo to version 1.22.0 danyeaw (738)
- Update meson to version 0.64.0 danyeaw (737)
- Fix librsvg hash and gtksourceview dependencies danyeaw (736)
- Build both GTK3 and GTK4 with CI danyeaw (735)
- define tool versions saste (734)
- always define version in projects saste (732)
- mit_kerberos: update to 1.20.1 AlessandroBono (733)

Thanks again to AlessandroBono, danyeaw, nacho, saste and Stefano Sabatini! 🎉

Resources

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970