Comment 1 Kristian Fiskerstrand (RETIRED) 2015-11-20 08:17:27 UTC

All information is public, opening

Comment 2 Kristian Fiskerstrand (RETIRED) 2015-11-20 08:19:42 UTC

From ${URL}:
IMPORTANT: This release includes a number of important security fixes. Among these fixes is improved validation of the database metadata. Unfortunately, MaxMind GeoIP2 and GeoLite2 databases created earlier than January 28, 2014, had an invalid data type for the record_size in the metadata. Previously these databases worked on little endian machines with libmaxminddb but did not work on big endian machines. Due to increased safety checks when reading the file, these databases will no longer work on any platform. If you are using one of these databases, we recommend that you upgrade to the latest GeoLite2 or GeoIP2 database

Comment 3 Kristian Fiskerstrand (RETIRED) 2015-11-20 08:28:54 UTC

Seems someone took a fuzzer to it, based on https://github.com/maxmind/libmaxminddb/commit/51255f113fe3c7b63ffe957636a7656a3ff9d1ff setting rating for DoS vector for now

Comment 4 Jeroen Roovers (RETIRED) 2015-11-21 05:05:16 UTC

1.1.1 has been removed.
1.1.2 is in the tree.

No stable keywords.

Thanks!

Comment 6 Aaron Bauman (RETIRED) 2016-03-29 09:46:55 UTC

no vulnerable versions in tree.