package/matio: add upstream security fixes
author Fabrice Fontaine <fontaine.fabrice@gmail.com>
Sat, 2 May 2020 19:54:38 +0000 (21:54 +0200)
committer Peter Korsgaard <peter@korsgaard.com>
Fri, 29 May 2020 19:54:28 +0000 (21:54 +0200)
commit e1af92592ec591270ef7f86a56562d119f2a46e1
tree 8ba2d7bd087cae586773eb15188a05e8ad472dbb
parent 75e82c42c6a4612c7385a32dcb82ca9cb5d866bd
package/matio: add upstream security fixes

Fix the following CVEs:
 - CVE-2019-17533: Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits
   a certain '\0' character, leading to a heap-based buffer over-read in
   strdup_vprintf when uninitialized memory is accessed.
 - CVE-2019-20017: A stack-based buffer over-read was discovered in
   Mat_VarReadNextInfo5 in mat5.c in matio 1.5.17.
 - CVE-2019-20018: A stack-based buffer over-read was discovered in
   ReadNextCell in mat5.c in matio 1.5.17.
 - CVE-2019-20020: A stack-based buffer over-read was discovered in
   ReadNextStructField in mat5.c in matio 1.5.17.
 - CVE-2019-20052: A memory leak was discovered in Mat_VarCalloc in
   mat.c in matio 1.5.17 because SafeMulDims does not consider the
   rank==0 case.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/matio/0001-Avoid-uninitialized-memory.patch [new file with mode: 0644]
package/matio/0002-Fix-illegal-memory-access.patch [new file with mode: 0644]
package/matio/0003-Fix-illegal-memory-access.patch [new file with mode: 0644]
package/matio/0004-Fix-memory-leak.patch [new file with mode: 0644]
package/matio/matio.mk