"MDB Tools 0.9.2 is a security and bug-fix release. Due to a number of memory errors uncovered by OSS-Fuzz, all users who use MDB Tools to read data from untrusted sources are encouraged to upgrade to 0.9.2 as soon as possible. The release also includes some minor improvements and behavior changes, described below.

libmdb:
  Fix infinite loop with malformed input (oss-fuzz/28789)
  Fix buffer overrun and some out of bounds memory accesses (oss-fuzz/28832 + oss-fuzz/28807)
  Fix potential memory leak (oss-fuzz/28791)
  Improved bounds and return value checking (oss-fuzz/29328 + oss-fuzz/29329)
  Add support for numeric scale/precision on JET3 databases and floating-point column types
  mdb_col_to_string now prints a warning and returns "" for any unsupported data type
  Improved warning with invalid row data (#253)
  [...]"
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7a7835a8ef07544cbd633b4c7793c4b1518a505d

commit 7a7835a8ef07544cbd633b4c7793c4b1518a505d
Author: Sam James <sam@gentoo.org>
AuthorDate: 2021-02-27 14:48:14 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2021-02-27 15:12:38 +0000

    app-office/mdbtools: (security) bump to 0.9.2

    Includes a patch rather than sed which has been sent upstream.

    URL: https://github.com/mdbtools/mdbtools/pull/261
    Bug: https://bugs.gentoo.org/697568
    Bug: https://bugs.gentoo.org/773289
    Signed-off-by: Sam James <sam@gentoo.org>

 app-office/mdbtools/Manifest | 1 +
 .../mdbtools-0.9.2-unixODBC-respect-libdir.patch | 46 ++++++++++++++++
 app-office/mdbtools/mdbtools-0.9.2.ebuild | 61 ++++++++++++++++++++++
 3 files changed, 108 insertions(+)
Waiting for https://github.com/mdbtools/mdbtools/issues/262.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e34887e1a4e731bf03c27e962b217e6326aafc79

commit e34887e1a4e731bf03c27e962b217e6326aafc79
Author: Sam James <sam@gentoo.org>
AuthorDate: 2021-05-02 07:08:56 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2021-05-03 16:48:57 +0000

    app-office/mdbtools: add 0.9.3

    Bug: https://bugs.gentoo.org/773289
    Signed-off-by: Sam James <sam@gentoo.org>

 app-office/mdbtools/Manifest | 1 +
 app-office/mdbtools/mdbtools-0.9.3.ebuild | 59 +++++++++++++++++++++++++++++++
 2 files changed, 60 insertions(+)
ppc done
ppc64 done
amd64 done
x86 done
sparc stable
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=41df5bf9be91ba8ff592c8cb6ec6d4387450b383

commit 41df5bf9be91ba8ff592c8cb6ec6d4387450b383
Author: John Helmert III <ajak@gentoo.org>
AuthorDate: 2021-07-24 06:07:45 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2021-07-24 06:21:35 +0000

    app-office/mdbtools: drop 0.7.1-r2, 0.9.1

    Bug: https://bugs.gentoo.org/773289
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 app-office/mdbtools/Manifest | 2 -
 app-office/mdbtools/mdbtools-0.7.1-r2.ebuild | 58 ---------------------------
 app-office/mdbtools/mdbtools-0.9.1.ebuild | 60 ----------------------------
 3 files changed, 120 deletions(-)
Request filed.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=ac5d7a025f5b21082f32f355c3f003500c9f4432

commit ac5d7a025f5b21082f32f355c3f003500c9f4432
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-10 04:08:26 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-10 04:17:33 +0000

    [ GLSA 202208-12 ] mdbtools: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/773289
    Bug: https://bugs.gentoo.org/830371
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202208-12.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
GLSA released, all done!