Closed tuliom closed 3 years ago
Notice there are 3 patches for this:
commit 7d88c6142c6efc160c0ee5e4f85cde382c072888
Author: Florian Weimer <fweimer@redhat.com>
Date: Wed Jan 27 13:36:12 2021 +0100
gconv: Fix assertion failure in ISO-2022-JP-3 module (bug 27256)
The conversion loop to the internal encoding does not follow
the interface contract that __GCONV_FULL_OUTPUT is only returned
after the internal wchar_t buffer has been filled completely. This
is enforced by the first of the two asserts in iconv/skeleton.c:
/* We must run out of output buffer space in this
rerun. */
assert (outbuf == outerr);
assert (nstatus == __GCONV_FULL_OUTPUT);
This commit solves this issue by queuing a second wide character
which cannot be written immediately in the state variable, like
other converters already do (e.g., BIG5-HKSCS or TSCII).
Reported-by: Tavis Ormandy <taviso@gmail.com>
commit d7f4f3f5fb1275f0b3d9f4e1b3d9d7b75a5a9e26
Author: Florian Weimer <fweimer@redhat.com>
Date: Fri Jan 29 17:29:57 2021 +0100
NEWS: Mention CVE-2021-3326 (iconv assertion with ISO-20220-JP-3)
commit 934c48a05b3491c39253678dd4bf671af8c3425e (origin/master, origin/HEAD)
Author: Florian Weimer <fweimer@redhat.com>
Date: Fri Jan 29 18:20:54 2021 +0100
NEWS: Fix typo in CVE-2021-3326 entry
Fixed on AT 13.0: 6d59f50. I'll be available in AT 13.0-4.
Fixed on AT 14.0: 5d066b5dd73502d0bffec0bb83ef3dbb63d4c367. Available in AT 14.0-3.
It affects AT 12.0, 13.0 and 14.0.
References: