Andreas Henriksson pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
971cd620 by Andreas Henriksson at 2026-01-17T17:39:38+01:00
data/CVE/list: CVE-2020-36428: Note libmatio CVE likely HDF5
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -406818,6 +406818,10 @@ CVE-2020-36428 (matio (aka MAT File I/O Library)
1.5.18 through 1.5.21 has a hea
[stretch] - libmatio <not-affected> (Vulnerable code not present,
introduced in 1.5.18)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21421
NOTE:
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/matio/OSV-2020-799.yaml
+ NOTE: NEWS for 1.5.22 mentions CVE-2020-36428 + CVE-2021-36977 together.
+ NOTE: "CVE-2021-36977 was fixed en-passant when the libhdf5 dependency
was updated from v1.12.0 to v.12.1"
+ NOTE: https://github.com/google/oss-fuzz-vulns/pull/13
+ NOTE: In other words, this seems to be a underlying HDF5 problem rather
than a libmatio bug.
CVE-2019-25051 (objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow
in acom ...)
{DSA-4948-1 DLA-2720-1}
- aspell 0.60.8-3 (bug #991307)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/971cd6204b413d3d18387a6e68dae139b0586c82
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/971cd6204b413d3d18387a6e68dae139b0586c82
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
