[Buildroot] [PATCH 1/1] package/matio: add upstream security fixes

Peter Korsgaard peter at korsgaard.com
Fri May 29 19:59:46 UTC 2020


>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:

 > Fix the following CVEs:
 >  - CVE-2019-17533: Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits
 >    a certain '\0' character, leading to a heap-based buffer over-read in
 >    strdup_vprintf when uninitialized memory is accessed.
 >  - CVE-2019-20017: A stack-based buffer over-read was discovered in
 >    Mat_VarReadNextInfo5 in mat5.c in matio 1.5.17.
 >  - CVE-2019-20018: A stack-based buffer over-read was discovered in
 >    ReadNextCell in mat5.c in matio 1.5.17.
 >  - CVE-2019-20020: A stack-based buffer over-read was discovered in
 >    ReadNextStructField in mat5.c in matio 1.5.17.
 >  - CVE-2019-20052: A memory leak was discovered in Mat_VarCalloc in
 >    mat.c in matio 1.5.17 because SafeMulDims does not consider the
 >    rank==0 case.

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard


