Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 830370 (CVE-2021-45943) - <sci-libs/gdal-3.4.1: heap buffer overflow
Summary: <sci-libs/gdal-3.4.1: heap buffer overflow
Status: IN_PROGRESS
Alias: CVE-2021-45943
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa?]
Keywords:
Depends on: 830589
Blocks:
  Show dependency tree
 
Reported: 2022-01-01 02:09 UTC by Sam James
Modified: 2022-02-06 17:48 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-01-01 02:09:17 UTC
CVE-2021-45943 (https://github.com/OSGeo/gdal/pull/4944):

GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment).
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-01-01 04:36:09 UTC
It looks like 3.4.1 will be soon.
Comment 2 Larry the Git Cow gentoo-dev 2022-01-04 11:34:59 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=188fd670f4bf39726bc0468d7d21fa4f6b666b22

commit 188fd670f4bf39726bc0468d7d21fa4f6b666b22
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-01-04 11:34:40 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-01-04 11:34:40 +0000

    sci-libs/gdal: add 3.4.1
    
    Bug: https://bugs.gentoo.org/830370
    Signed-off-by: Sam James <sam@gentoo.org>

 sci-libs/gdal/Manifest          |   1 +
 sci-libs/gdal/gdal-3.4.1.ebuild | 323 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 324 insertions(+)
Comment 3 John Helmert III gentoo-dev Security 2022-01-28 15:59:18 UTC
Please cleanup
Comment 4 Larry the Git Cow gentoo-dev 2022-02-05 20:46:42 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c9ffd278f8fe238387a6c34cc3697aa6a4db5a5a

commit c9ffd278f8fe238387a6c34cc3697aa6a4db5a5a
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2022-02-05 20:27:55 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2022-02-05 20:40:47 +0000

    sci-libs/gdal: Cleanup vulnerable 3.3.3 and 3.4.0
    
    Bug: https://bugs.gentoo.org/830370
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 sci-libs/gdal/Manifest          |   2 -
 sci-libs/gdal/gdal-3.3.3.ebuild | 317 ---------------------------------------
 sci-libs/gdal/gdal-3.4.0.ebuild | 323 ----------------------------------------
 3 files changed, 642 deletions(-)
Comment 5 John Helmert III gentoo-dev Security 2022-02-06 17:48:01 UTC
Thanks!