"libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c."
arm64 done
arm done
amd64 done
hppa/ppc/ppc64/sparc stable
x86 done all arches done
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c329200c739413d0bd2e6a35a1979be75621e478 commit c329200c739413d0bd2e6a35a1979be75621e478 Author: John Helmert III <jchelmert3@posteo.net> AuthorDate: 2020-11-10 17:20:42 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-11-11 00:25:32 +0000 dev-libs/libmaxminddb: security cleanup <1.4.3 Bug: https://bugs.gentoo.org/753275 Package-Manager: Portage-3.0.9, Repoman-3.0.2 Signed-off-by: John Helmert III <jchelmert3@posteo.net> Closes: https://github.com/gentoo/gentoo/pull/18217 Signed-off-by: Sam James <sam@gentoo.org> dev-libs/libmaxminddb/Manifest | 2 -- dev-libs/libmaxminddb/libmaxminddb-1.3.2.ebuild | 27 ------------------------- dev-libs/libmaxminddb/libmaxminddb-1.4.2.ebuild | 27 ------------------------- 3 files changed, 56 deletions(-)
This issue was resolved and addressed in GLSA 202011-15 at https://security.gentoo.org/glsa/202011-15 by GLSA coordinator Sam James (sam_c).