Bug 1203278 (CVE-2022-38529)

Summary: VUL-0: CVE-2022-38529: godot: heap-buffer overflow via the component rleUncompress.
Product: [openSUSE] openSUSE Tumbleweed Reporter: Carlos López <carlos.lopez>
Component: Security Assignee: c unix <cunix>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P3 - Medium CC: maxmitschke
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/341670/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Comment 1 Carlos López 2022-09-09 08:29:50 UTC
Godot embeds tinyexr under the thirdparty/tinyexr/ path.

Comment 2 OBSbugzilla Bot 2022-09-16 18:25:03 UTC
This is an autogenerated message for OBS integration:
This bug (1203278) was mentioned in
https://build.opensuse.org/request/show/1004169 Factory / godot

Comment 3 c unix 2022-09-22 17:21:29 UTC
(In reply to OBSbugzilla Bot from comment #2)
> https://build.opensuse.org/request/show/1004169 Factory / godot

With this accepted, it is fixed?

Comment 4 Carlos López 2022-09-27 07:44:26 UTC
(In reply to c unix from comment #3)
> (In reply to OBSbugzilla Bot from comment #2)
> > https://build.opensuse.org/request/show/1004169 Factory / godot
> 
> With this accepted, it is fixed?

Correct