Bug 1193873 (CVE-2020-36428)

Summary: VUL-0: CVE-2020-36428: matio: heap-based buffer overflow in ReadInt32DataDouble
Product: [openSUSE] openSUSE Distribution Reporter: Gabriele Sonnu <gabriele.sonnu>
Component: SecurityAssignee: Atri Bhattacharya <badshah400>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium    
Version: Leap 15.3   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/304604/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Comment 1 Gabriele Sonnu 2021-12-17 15:40:32 UTC
Packages:

 - openSUSE:Backports:SLE-15-SP4/matio  1.5.21
 - openSUSE:Factory/matio               1.5.21

No references to a fix for now.
Comment 2 Swamp Workflow Management 2022-12-08 02:19:49 UTC
openSUSE-SU-2022:10235-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1193873,1193874
CVE References: CVE-2020-36428,CVE-2021-36977
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP4 (src):    matio-1.5.23-bp154.2.3.1
Comment 3 Marcus Meissner 2022-12-08 08:12:51 UTC
factory also has 1.5.23 now.