[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2020-36428/libmatio

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0c86c651 by Salvatore Bonaccorso at 2022-03-30T21:22:35+02:00
Track fixed version for CVE-2020-36428/libmatio

Should be noted that it's not 100% clear. Ogiginally upstream cimed in
saying the issue is invalid, later on apparently re-evaluated it and
fixed it in 1.5.22, cf. [1].

 [1] https://github.com/tbeu/matio/commit/15c9c59173eb217c7fefc74cc36dcb58f24a0d4a#diff-7ee66c4f1536ac84dc5bbff1b8312e2eef24b974b3e48a5c5c2bcfdf2eb8f3ceR6

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -46539,7 +46539,7 @@ CVE-2020-36430 (libass 0.15.x before 0.15.1 has a heap-based buffer overflow in
 CVE-2020-36429 (Variant_encodeJson in open62541 1.x before 1.0.4 has an out-of-bounds  ...)
 	NOT-FOR-US: open62541
 CVE-2020-36428 (matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a heap-base ...)
-	- libmatio <unfixed> (bug #991370)
+	- libmatio 1.5.22-1 (bug #991370)
 	[bullseye] - libmatio <no-dsa> (Minor issue)
 	[buster] - libmatio <not-affected> (Vulnerable code not present, introduced in 1.5.18)
 	[stretch] - libmatio <not-affected> (Vulnerable code not present, introduced in 1.5.18)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c86c65142b1639fdcf3c80a35e9c6518bd0839f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c86c65142b1639fdcf3c80a35e9c6518bd0839f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220330/cf601194/attachment.htm>