openSUSE has issued an advisory today (December 8):
The issues are fixed upstream in 1.5.22.
Fixed upstream in 1.5.22
The updated packages fix security vulnerabilities:
matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a heap-based buffer overflow in ReadInt32DataDouble (called from ReadInt32Data and Mat_VarRead4). (CVE-2020-36428)
matio (aka MAT File I/O Library) 1.5.20 and 1.5.21 has a heap-based buffer overflow in H5MM_memcpy (called from H5MM_malloc and H5C_load_entry), related to use of HDF5 1.12.0. (CVE-2021-36977)
Updated packages in core/updates_testing:
CVE-2020-36428, CVE-2021-36977
Status comment: Fixed upstream in 1.5.22 =>
MGA8-64 MATE on Acer Aspire 5253
No installation issues.
According to our MCC: "matio is an ISO C library (with a limited Fortran 90 interface) for reading and writing Matlab MAT files."
So this is developer stuff, OK on clean install.
I see on bug 29164 that Len did some exercise in that area, so if anyone judges it's necessary to do a similar test on this update, please feel free to withdraw the OK.
Validating. Advisory in comment 1.
In reply to comment 2:
No, you're all right on this one, Herman. As stated, the test in the previous bug was a very primitive one, so no worries.
An update for this issue has been pushed to the Mageia Updates repository.