Closed gutiniao closed 4 years ago
Can you confirm that a47b7cd3aca70e9a0bddf8146eb4ab0cbd19c2c3 fixes the issue? Thanks.
Closing after no more feedback from issue author.
CVE-2019-20052 was assigned for this issue though.
Why? This issue never was apparent in a released version.
@tbeu I do not know actually (Note, I'm only the messenger here. I'm part of the Debian security team, and while reviewing new CVE assignments, I cross-check the upstream issue associated and where needed mention the respective CVE id which got assigned).
In this case I do not know if the CVE is valid or not, but if you think it is not, might you, as upstream, ask via https://cveform.mitre.org to reject the CVE? There is no information on who requested the CVE, so I unfortunately cannot redirect you to the right person here.
According to our (Mageia) testing, the patch did NOT fix the issue: https://bugs.mageia.org/show_bug.cgi?id=27969#c4 This bug should either be re-opened, or a new one raised: https://bugs.mageia.org/show_bug.cgi?id=29164
Is there a corrected patch that isn't reflected in 1.5.18+?
Hm, I am lost here. I asked for confirmation whether a47b7cd3aca70e9a0bddf8146eb4ab0cbd19c2c3 fixes the issue 19 months ago. How come you report only now that the issue is not fixed? Why did the response take so long?
For now, I would prefer if you can file a new pull request (targeting master) to fix whatever needs to be fixed.
"I asked for confirmation whether a47b7cd fixes the issue 19 months ago. How come you report only now that the issue is not fixed? Why did the response take so long?"
Our (Mageia) security updates/testing are driven by issued CVE advisories. I see that this one goes back to at least Dec 2019; it was notified to Mageia in Dec 2020, 'fixed' and tested at the turn of the year; then it fell into limbo: https://bugs.mageia.org/show_bug.cgi?id=27969#c5
"I would prefer if you can file a new pull request (targeting master) to fix whatever needs to be fixed."
I have raised a new 'bug' as you wish (https://github.com/tbeu/matio/issues/175), but your terminology means nothing to me. It can do little more than reiterate the end of this one.
A crafted input will lead to a crash in mat.c at matio 1.5.17. Triggered by ./matdump POC
Poc 006-memleak
The ASAN information is as follows: