Bug 621712 - <sci-libs/gdal-2.3.0: Heap-buffer-overflow in syncsearch
Summary: <sci-libs/gdal-2.3.0: Heap-buffer-overflow in syncsearch
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://bugs.chromium.org/p/oss-fuzz/...
Whiteboard: B3 [noglsa]
Keywords:
Duplicates: 659944
Depends on: 663462
Blocks: 621714 621716 621718 621720 622202 623028 659828
Reported: 2017-06-14 07:00 UTC by Agostino Sarubbo
Modified: 2018-08-15 08:28 UTC

See Also:
Package list:
Runtime testing required: ---


Description Agostino Sarubbo gentoo-dev 2017-06-14 07:00:47 UTC
OSS-Fuzz is Continuous Fuzzing for Open Source Software. See $URL for more details about the issue.
Commit fix: https://trac.osgeo.org/gdal/changeset/38253



@maintainer(s): after the bump, in case we need to stabilize the package, please let us know whether it is ready for stabilization or not.
Comment 1 Andreas Sturmlechner gentoo-dev 2018-08-09 06:04:58 UTC
*** Bug 659944 has been marked as a duplicate of this bug. ***
Comment 2 Larry the Git Cow gentoo-dev 2018-08-12 19:16:59 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=89993d3fc3cba6e559905b758f691b157b589fcf

commit 89993d3fc3cba6e559905b758f691b157b589fcf
Author:     Amy Liffey <amynka@gentoo.org>
AuthorDate: 2018-08-12 18:33:12 +0000
Commit:     Amy Liffey <amynka@gentoo.org>
CommitDate: 2018-08-12 19:15:39 +0000

    sci-libs/gdal: add security patches
    
    Bug: https://bugs.gentoo.org/621712
    Bug: https://bugs.gentoo.org/621720
    Bug: https://bugs.gentoo.org/623028
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 .../gdal/files/gdal-2.3.0-changeset_38658.patch    | 80 ++++++++++++++++++++++
 .../gdal/files/gdal-2.3.0-frmts-nitf38234.patch    | 12 ++++
 sci-libs/gdal/files/gdal-2.3.0-libtiff.patch       | 12 ++++
 .../{gdal-2.3.0-r1.ebuild => gdal-2.3.0-r2.ebuild} |  5 ++
 4 files changed, 109 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2018-08-15 08:14:54 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8a11d4f138645601f3bcf3475bd18577681b3928

commit 8a11d4f138645601f3bcf3475bd18577681b3928
Author:     Amy Liffey <amynka@gentoo.org>
AuthorDate: 2018-08-15 08:12:19 +0000
Commit:     Amy Liffey <amynka@gentoo.org>
CommitDate: 2018-08-15 08:12:19 +0000

    sci-libs/gdal: remove old affected version
    
    Bug: https://bugs.gentoo.org/621712
    Bug: https://bugs.gentoo.org/621716
    Bug: https://bugs.gentoo.org/621718
    Bug: https://bugs.gentoo.org/622202
    Bug: https://bugs.gentoo.org/623028
    Bug: https://bugs.gentoo.org/627224
    Bug: https://bugs.gentoo.org/621714
    Bug: https://bugs.gentoo.org/621720
    Closes: https://bugs.gentoo.org/663462
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 sci-libs/gdal/Manifest             |   1 -
 sci-libs/gdal/gdal-2.2.3-r1.ebuild | 289 -------------------------------------
 2 files changed, 290 deletions(-)
Comment 4 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-08-15 08:27:22 UTC
GLSA vote: No.