path: root/package/matio/0003-Fix-illegal-memory-access.patch
Commit message | Author | Age | Files | Lines

* package/matio: bump to version 1.5.18 | Fabrice Fontaine | 2020-09-20 | 1 | -46/+0

  - Drop all patches (already in version)
  - Update hash of COPYING (update in year: https://github.com/tbeu/matio/commit/4638154d738ae1cae3ebac6b86ddcde63e69a92f)

  https://github.com/tbeu/matio/releases/tag/v1.5.18

  Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
  Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

* package/matio: add upstream security fixes | Fabrice Fontaine | 2020-05-29 | 1 | -0/+46

  Fix the following CVEs:
  - CVE-2019-17533: Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed.
  - CVE-2019-20017: A stack-based buffer over-read was discovered in Mat_VarReadNextInfo5 in mat5.c in matio 1.5.17.
  - CVE-2019-20018: A stack-based buffer over-read was discovered in ReadNextCell in mat5.c in matio 1.5.17.
  - CVE-2019-20020: A stack-based buffer over-read was discovered in ReadNextStructField in mat5.c in matio 1.5.17.
  - CVE-2019-20052: A memory leak was discovered in Mat_VarCalloc in mat.c in matio 1.5.17 because SafeMulDims does not consider the rank==0 case.

  Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
  Signed-off-by: Peter Korsgaard <peter@korsgaard.com>