Bug#1001902: lapack: CVE-2021-4048
Salvatore Bonaccorso
carnil at debian.org
Sat Dec 18 16:59:53 GMT 2021
Source: lapack
Version: 3.10.0-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/Reference-LAPACK/lapack/pull/625
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerability was published for lapack.
CVE-2021-4048[0]:
| An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV,
| and ZLARRV functions in lapack through version 3.10.0, as also used in
| OpenBLAS before version 0.3.18. Specially crafted inputs passed to
| these functions could cause an application using lapack to crash or
| possibly disclose portions of its memory.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-4048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4048
[1] https://github.com/Reference-LAPACK/lapack/pull/625
[2] https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the debian-science-maintainers
mailing list