Bug 1203278 - (CVE-2022-38529) VUL-0: CVE-2022-38529: godot: heap-buffer overflow via the component rleUncompress.
(CVE-2022-38529)
VUL-0: CVE-2022-38529: godot: heap-buffer overflow via the component rleUncom...
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security
Current
Other Other
: P3 - Medium : Minor (vote)
: ---
Assigned To: c unix
Security Team bot
https://smash.suse.de/issue/341670/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-09-09 08:28 UTC by Carlos López
Modified: 2022-09-27 07:44 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Carlos López 2022-09-09 08:29:50 UTC
Godot embeds tinyexr under the thirdparty/tinyexr/ path.
Comment 2 OBSbugzilla Bot 2022-09-16 18:25:03 UTC
This is an autogenerated message for OBS integration:
This bug (1203278) was mentioned in
https://build.opensuse.org/request/show/1004169 Factory / godot
Comment 3 c unix 2022-09-22 17:21:29 UTC
(In reply to OBSbugzilla Bot from comment #2)
> https://build.opensuse.org/request/show/1004169 Factory / godot

with this accepted it is fixed?
Comment 4 Carlos López 2022-09-27 07:44:26 UTC
(In reply to c unix from comment #3)
> (In reply to OBSbugzilla Bot from comment #2)
> > https://build.opensuse.org/request/show/1004169 Factory / godot
> 
> with this accepted it is fixed?

Correct