"With libmaxminddb on Windows and mmdblookup generally, there were instances where the return value of calloc was not checked, which could lead to issues in low memory situations or when resource limits had been set. Reported by cve-reporting. GitHub #252."
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1cf62b5cda2f53a3a8d9e218db5b2a7ffd2b4158 commit 1cf62b5cda2f53a3a8d9e218db5b2a7ffd2b4158 Author: Sam James <sam@gentoo.org> AuthorDate: 2021-02-22 05:41:30 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-02-22 07:23:55 +0000 dev-libs/libmaxminddb: (security) bump to 1.5.2 Bug: https://bugs.gentoo.org/771354 Package-Manager: Portage-3.0.14, Repoman-3.0.2 Signed-off-by: Sam James <sam@gentoo.org> dev-libs/libmaxminddb/Manifest | 1 + dev-libs/libmaxminddb/libmaxminddb-1.5.2.ebuild | 30 +++++++++++++++++++++++++ 2 files changed, 31 insertions(+)
ppc64 done
ppc done
sparc stable
arm64 done
x86 stable
arm done
amd64 done all arches done
Cleanup done in https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f53700d4f4d6bdf789369b828e0e56bcca29824b