Summary: | <sci-libs/gdal-3.0.4-r1: double free in OGRExpatRealloc in ogr/ogr_expat.cpp (CVE-2019-17545) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | leio, sci-geosciences, tb |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178 | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=708826, https://bugs.gentoo.org/show_bug.cgi?id=707320 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 706146, 706442, 707516, 716928 | ||
Bug Blocks: | 708828 |
Description
GLSAMaker/CVETool Bot
2019-11-11 16:51:23 UTC
gdal-3.0.4-r1 requires >=sci-libs/proj-6.0.0:=
while gdal-3.0.4-r1[ogdi] requires sci-libs/ogdi, which requires <sci-libs/proj-6.0.0:=

This is no good

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=064fcfbe59e7d0b0519994cc434a597fc3f97d32

commit 064fcfbe59e7d0b0519994cc434a597fc3f97d32
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2020-04-10 11:14:33 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-04-10 11:30:49 +0000

sci-libs/ogdi: 4.1.0 version bump

Bug: https://bugs.gentoo.org/699838
Closes: https://bugs.gentoo.org/706190
Package-Manager: Portage-2.3.98, Repoman-2.3.22
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

sci-libs/ogdi/Manifest | 1 +
sci-libs/ogdi/files/ogdi-4.1.0-subdirs.patch | 24 +++++++++++
sci-libs/ogdi/ogdi-4.1.0.ebuild | 60 ++++++++++++++++++++++++++++
3 files changed, 85 insertions(+)

Unable to check for sanity:
> no match for package: dev-python/ijson-2.4
arm64 stable

Unable to check for sanity:
> no match for package: dev-python/ijson-2.4
Unable to check for sanity:
> no match for package: dev-python/ijson-2.4
All sanity-check issues have been resolved

Resetting sanity check; package list is empty or all packages are done.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f343fdd68ff4def7e6083fa14258b14867e04e4

commit 7f343fdd68ff4def7e6083fa14258b14867e04e4
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2020-04-12 21:38:48 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-04-13 09:21:29 +0000

sci-libs/gdal: Drop 2.4.1-r1 and 2.4.3

Bug: https://bugs.gentoo.org/699838
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

sci-libs/gdal/Manifest | 2 -
sci-libs/gdal/files/gdal-2.2.3-bashcomp-path.patch | 12 -
sci-libs/gdal/files/gdal-2.4.1-poppler-0.75.patch | 148 ----------
sci-libs/gdal/files/gdal-2.4.1-poppler-0.76.patch | 24 --
sci-libs/gdal/files/gdal-2.4.1-poppler-0.82.patch | 53 ----
.../gdal/files/gdal-2.4.1-poppler-0.83-1.patch | 27 --
.../gdal/files/gdal-2.4.1-poppler-0.83-2.patch | 42 ---
sci-libs/gdal/files/gdal-2.4.1-swig-4.patch | 115 --------
sci-libs/gdal/gdal-2.4.1-r1.ebuild | 322 ---------------------
sci-libs/gdal/gdal-2.4.3.ebuild | 319 --------------------
10 files changed, 1064 deletions(-)

Security cleanup done. Downgraded.