"In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158063095."
I'm not sure how exploitable this is without control over a disk in the first place. So, I'll call it B1 for now, but I think we need to discuss this.
@ maintainer(s): Could you please bump to v18.104.22.168 first (https://sourceforge.net/p/gptfdisk/code/ci/f063fe08e424c99f133df18bf9dce49c851bcb0a/) before stabilize?
all arches done
New GLSA request filed.
This issue was resolved and addressed in
GLSA 202105-03 at https://security.gentoo.org/glsa/202105-03
by GLSA coordinator Thomas Deutschmann (whissi).