Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 830370 (CVE-2021-45943) - <sci-libs/gdal-3.4.1: heap buffer overflow
Summary: <sci-libs/gdal-3.4.1: heap buffer overflow
Status: IN_PROGRESS
Alias: CVE-2021-45943
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa?]
Keywords:
Depends on: 830589
Blocks:
  Show dependency tree
 
Reported: 2022-01-01 02:09 UTC by Sam James
Modified: 2022-02-06 17:48 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-01-01 02:09:17 UTC 
CVE-2021-45943 (https://github.com/OSGeo/gdal/pull/4944):

GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment).
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-01-01 04:36:09 UTC 
It looks like 3.4.1 will be soon.
Comment 2 Larry the Git Cow gentoo-dev 2022-01-04 11:34:59 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=188fd670f4bf39726bc0468d7d21fa4f6b666b22

commit 188fd670f4bf39726bc0468d7d21fa4f6b666b22
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-01-04 11:34:40 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-01-04 11:34:40 +0000

    sci-libs/gdal: add 3.4.1
    
    Bug: https://bugs.gentoo.org/830370
    Signed-off-by: Sam James <sam@gentoo.org>

 sci-libs/gdal/Manifest          |   1 +
 sci-libs/gdal/gdal-3.4.1.ebuild | 323 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 324 insertions(+)
Comment 3 John Helmert III gentoo-dev Security 2022-01-28 15:59:18 UTC 
Please cleanup
Comment 4 Larry the Git Cow gentoo-dev 2022-02-05 20:46:42 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c9ffd278f8fe238387a6c34cc3697aa6a4db5a5a

commit c9ffd278f8fe238387a6c34cc3697aa6a4db5a5a
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2022-02-05 20:27:55 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2022-02-05 20:40:47 +0000

    sci-libs/gdal: Cleanup vulnerable 3.3.3 and 3.4.0
    
    Bug: https://bugs.gentoo.org/830370
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 sci-libs/gdal/Manifest          |   2 -
 sci-libs/gdal/gdal-3.3.3.ebuild | 317 ---------------------------------------
 sci-libs/gdal/gdal-3.4.0.ebuild | 323 ----------------------------------------
 3 files changed, 642 deletions(-)
Comment 5 John Helmert III gentoo-dev Security 2022-02-06 17:48:01 UTC 
Thanks!