[Git][security-tracker-team/security-tracker][master] Add CVE-2021-45943/gdal
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Jan 2 21:38:33 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0b45bd90 by Salvatore Bonaccorso at 2022-01-02T22:37:41+01:00
Add CVE-2021-45943/gdal
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -135,7 +135,14 @@ CVE-2021-45944 (Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-237.yaml
TODO: check, oss-fuzz "fixing commit" cannot be correct as it only removes a documentation snippet.
CVE-2021-45943 (GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::C ...)
- TODO: check
+ [experimental] - gdal 3.4.1~rc1+dfsg-1~exp1
+ - gdal <unfixed>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41993
+ NOTE: https://github.com/OSGeo/gdal/pull/4944
+ NOTE: https://github.com/OSGeo/gdal/commit/93913a849dc1d217a40dbf9d6e6a3a23c42b61a6 (master)
+ NOTE: Backport to 3.4: https://github.com/OSGeo/gdal/pull/4947
+ NOTE: https://github.com/OSGeo/gdal/commit/9b2bcbc47d1649adc0ab65b801f96f56156cf017 (v3.4.1RC1)
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2021-1651.yaml
CVE-2021-45942 (OpenEXR 3.1.0 through 3.1.3 has a heap-based buffer overflow in Imf_3_ ...)
TODO: check
CVE-2021-45941 (libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in _ ...)
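Review bot: The added `- gdal <unfixed>` line marks every suite as affected, while the description on the CVE-2021-45943 line limits the issue to GDAL 3.3.0 through 3.4.0, and none of the added NOTE lines records where the vulnerable PCIDSK code was introduced. If the introducing change can be identified from the referenced pull request or the OSV record, add a NOTE for it. For any suite shipping a gdal version older than 3.3.0, add a per-release line of the form `[<release>] - gdal <not-affected> (Vulnerable code not present)` once that has been verified against the packaged source.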
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b45bd90f20e4cb39a3b313339ae42394d8df71b