openSUSE has issued an advisory today (December 8): https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DWEPRACQNMJHSGWUZQ5LKNVGWSZ6FMCB/ The issues are fixed upstream in 1.5.22.
Status comment: (none) => Fixed upstream in 1.5.22
Suggested advisory: ======================== The updated packages fix security vulnerabilities: matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a heap-based buffer overflow in ReadInt32DataDouble (called from ReadInt32Data and Mat_VarRead4). (CVE-2020-36428) matio (aka MAT File I/O Library) 1.5.20 and 1.5.21 has a heap-based buffer overflow in H5MM_memcpy (called from H5MM_malloc and H5C_load_entry), related to use of HDF5 1.12.0. (CVE-2021-36977) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36428 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36977 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DWEPRACQNMJHSGWUZQ5LKNVGWSZ6FMCB/ ======================== Updated packages in core/updates_testing: ======================== lib(64)matio11-1.5.23-1.mga8 lib(64)matio-devel-1.5.23-1.mga8 matio-1.5.23-1.mga8 from SRPM: matio-1.5.23-1.mga8.src.rpm
Status: NEW => ASSIGNEDCVE: (none) => CVE-2020-36428, CVE-2021-36977Status comment: Fixed upstream in 1.5.22 => (none)CC: (none) => nicolas.salgueroAssignee: geiger.david68210 => qa-bugs
MGA8-64 MATE on Acer Aspire 5253 No installation issues. According to our MCC: "matio is an ISO C library (with a limited Fortran 90 interface) for reading and writing Matlab MAT files." So this is developers stuff, OK on clean install. I see on bug 29164 that Len did some exercise in that area, so if anyone judges it's necessary to do a similar test on this update, plse feel free to withdraw the OK.
Whiteboard: (none) => MGA8-64-OKCC: (none) => herman.viaene
Validating. Advisory in comment 1.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
In reply to comment 2: No, you all right on this one Herman. As stated, the test in the previous bug was a very primitive one, so no worries.
CC: (none) => tarazed25
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0465.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED