Description: "In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158063095." See https://sourceforge.net/p/gptfdisk/mailman/message/37196701/.
I'm not sure how exploitable this is without control over a disk in the first place. So, I'll call it B1 for now, but I think we need to discuss this.
@ maintainer(s): Could you please bump to v1.0.6.1 first (https://sourceforge.net/p/gptfdisk/code/ci/f063fe08e424c99f133df18bf9dce49c851bcb0a/) before stabilizing?
ppc64 done
arm done
sparc stable
ppc done
amd64 done
arm64 done
x86 done
all arches done
Please clean up
New GLSA request filed.
This issue was resolved and addressed in GLSA 202105-03 at https://security.gentoo.org/glsa/202105-03 by GLSA coordinator Thomas Deutschmann (whissi).