author: Salvatore Bonaccorso <carnil@debian.org> 2022-01-02 22:37:41 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-01-02 22:37:41 +0100
commit: 6a50685438a60768a193899f086b4205e399dd51
tree: fc63d8eb38796da3ebcbf2d0da05f7050929b1eb
parent: 0c6a1ef4ebc8b0671113a9c97b376d3815e61663
Add CVE-2021-45943/gdal
-rw-r--r-- data/CVE/2021.list 9
1 files changed, 8 insertions, 1 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index f8afc92fdc..a7c38f1214 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -123,7 +123,14 @@ CVE-2021-45944 (Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in
NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-237.yaml
TODO: check, oss-fuzz "fixing commit" cannot be correct as it only removes a documentation snippet.
CVE-2021-45943 (GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::C ...)
- TODO: check
+ [experimental] - gdal 3.4.1~rc1+dfsg-1~exp1
+ - gdal <unfixed>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41993
+ NOTE: https://github.com/OSGeo/gdal/pull/4944
+ NOTE: https://github.com/OSGeo/gdal/commit/93913a849dc1d217a40dbf9d6e6a3a23c42b61a6 (master)
+ NOTE: Backport to 3.4: https://github.com/OSGeo/gdal/pull/4947
+ NOTE: https://github.com/OSGeo/gdal/commit/9b2bcbc47d1649adc0ab65b801f96f56156cf017 (v3.4.1RC1)
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2021-1651.yaml
CVE-2021-45942 (OpenEXR 3.1.0 through 3.1.3 has a heap-based buffer overflow in Imf_3_ ...)
TODO: check
CVE-2021-45941 (libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in _ ...)
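Review bot: the new `- gdal <unfixed>` line in the CVE-2021-45943 entry applies to every suite, while the description directly above it limits the issue to GDAL 3.3.0 through 3.4.0. Consider adding a NOTE that records the introducing version or commit (the already linked OSV-2021-1651.yaml may carry it), so that any suite shipping a gdal older than 3.3.0 can be triaged as not-affected rather than left open. The two commit NOTEs are labelled (master) and (v3.4.1RC1), which makes the `[experimental]` fixed version easy to cross-check.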
