Bugzilla – Bug 1227158
VUL-0: CVE-2024-24792: TRACKERBUG: golang.org/x/image/tiff: parsing of a corrupt or malicious image with invalid color indices can cause a panic
Last modified: 2024-07-04 21:35:02 UTC
Parsing a corrupt or malicious image with invalid color indices can cause a panic.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-24792
https://www.cve.org/CVERecord?id=CVE-2024-24792
https://go.dev/cl/588115
https://go.dev/issue/67624
https://pkg.go.dev/vuln/GO-2024-2937
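The failure mode described above, shown on the standard library's image.Paletted type as an added example (not code from this report or from golang.org/x/image): a pixel whose color index has no palette entry panics on lookup, so a caller either validates the indices first or recovers around the access. The helper names checkPaletteIndices, safeAt and constructedImage are hypothetical, and the image is constructed sample data.

```go
package main

import (
	"fmt"
	"image"
	"image/color"
)

// checkPaletteIndices reports the first pixel whose color index does not
// refer to an entry in the palette. Hypothetical helper, not x/image API.
func checkPaletteIndices(p *image.Paletted) error {
	b := p.Bounds()
	for y := b.Min.Y; y < b.Max.Y; y++ {
		for x := b.Min.X; x < b.Max.X; x++ {
			if idx := p.ColorIndexAt(x, y); int(idx) >= len(p.Palette) {
				return fmt.Errorf("pixel (%d,%d): color index %d outside %d-entry palette", x, y, idx, len(p.Palette))
			}
		}
	}
	return nil
}

// safeAt reads one pixel and converts the out-of-range panic into an error,
// so a single bad image cannot take down the calling process.
func safeAt(p *image.Paletted, x, y int) (c color.Color, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("recovered: %v", r)
		}
	}()
	return p.At(x, y), nil
}

// constructedImage builds a 2x2 paletted image with a 2-entry palette.
func constructedImage(corrupt bool) *image.Paletted {
	pal := color.Palette{color.Black, color.White}
	img := image.NewPaletted(image.Rect(0, 0, 2, 2), pal)
	img.Pix[0], img.Pix[1], img.Pix[2], img.Pix[3] = 0, 1, 1, 0
	if corrupt {
		img.Pix[3] = 7 // pixel (1,1): index 7 has no palette entry
	}
	return img
}

func main() {
	fmt.Println(checkPaletteIndices(constructedImage(true)))
	_, err := safeAt(constructedImage(true), 1, 1)
	fmt.Println(err)
}
```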
This is a build tool mainly intended to be used on OBS, and nobody cares if a package maintainer denies service to themself.
Sorry, closed wrong bug.
Fix is on its way for Tumbleweed. What's kind of blocking me for Leap is that there's still a previous maintenance request [1] in the pipeline and I am somewhat unsure about all the things I will break if I now trigger a second one before that is shipped.
[1]: https://build.opensuse.org/project/show/openSUSE:Maintenance:18435
This is an autogenerated message for OBS integration: This bug (1227158) was mentioned in https://build.opensuse.org/request/show/1185695 Factory / keybase-client