| Summary: | <dev-libs/libmaxminddb-1.4.3: Heap buffer overflow in dump_entry_data_list (CVE-2020-28241) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sam James <sam> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | netmon |
| Priority: | Normal | Keywords: | PullRequest |
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://github.com/maxmind/libmaxminddb/issues/236 | ||
| See Also: | https://github.com/gentoo/gentoo/pull/18217 | ||
| Whiteboard: | B3 [glsa+ cve] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
Sam James
2020-11-06 06:22:58 UTC
arm64 done arm done amd64 done hppa/ppc/ppc64/sparc stable x86 done all arches done The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c329200c739413d0bd2e6a35a1979be75621e478 commit c329200c739413d0bd2e6a35a1979be75621e478 Author: John Helmert III <jchelmert3@posteo.net> AuthorDate: 2020-11-10 17:20:42 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-11-11 00:25:32 +0000 dev-libs/libmaxminddb: security cleanup <1.4.3 Bug: https://bugs.gentoo.org/753275 Package-Manager: Portage-3.0.9, Repoman-3.0.2 Signed-off-by: John Helmert III <jchelmert3@posteo.net> Closes: https://github.com/gentoo/gentoo/pull/18217 Signed-off-by: Sam James <sam@gentoo.org> dev-libs/libmaxminddb/Manifest | 2 -- dev-libs/libmaxminddb/libmaxminddb-1.3.2.ebuild | 27 ------------------------- dev-libs/libmaxminddb/libmaxminddb-1.4.2.ebuild | 27 ------------------------- 3 files changed, 56 deletions(-) This issue was resolved and addressed in GLSA 202011-15 at https://security.gentoo.org/glsa/202011-15 by GLSA coordinator Sam James (sam_c). |