diff --git a/matio b/matio index a301162..cab79b5 160000 --- a/matio +++ b/matio @@ -1 +1 @@ -Subproject commit a301162ce9bbc6f934f8b973a59d4b570708d32b68ee6003a0d3c0af8a8ade24 +Subproject commit cab79b5274800132c992e2d58c1e8b7a1c1d4af658bc712579926e0ad7c51bfa diff --git a/patchinfo.20260106101959221503.93181000773252/_patchinfo b/patchinfo.20260106101959221503.93181000773252/_patchinfo new file mode 100644 index 0000000..007e01b --- /dev/null +++ b/patchinfo.20260106101959221503.93181000773252/_patchinfo @@ -0,0 +1,33 @@ + + VUL-0: CVE-2025-2337: matio: heap buffer overflow in function Mat_VarPrint of file src/mat.c + VUL-0: CVE-2025-2337: matio: heap buffer overflow in function Mat_VarPrint of file src/mat.c + VUL-0: CVE-2025-2338: matio: heap buffer overflow in function strdup_vprintf of file src/io.c + VUL-0: CVE-2025-2338: matio: heap buffer overflow in function strdup_vprintf of file src/io.c + AndreasStieger + important + security + Security update for matio + This update for matio fixes the following issues: + +- update to version 1.5.29: + * Fix printing rank-1-variable in Mat_VarPrint + * Fix array index out of bounds in Mat_VarPrint when printing + UTF-8 character data (boo#1239678, CVE-2025-2337) + * Fix heap-based buffer overflow in strdup_vprintf + (boo#1239677, CVE-2025-2338) + * Changed Mat_VarPrint to print all values of rank-2-variable + * Several other fixes, for example for access violations in + Mat_VarPrint + +- Update to version 1.5.28: + * Fixed bug writing MAT_T_INT8/MAT_T_UINT8 encoded character + array to compressed v5 MAT file (regression of v1.5.12). + * Fixed bug reading all-zero sparse array of v4 MAT file + (regression of v1.5.18). + * Updated C99 snprintf.c. + * CMake: Enabled testing. + * Several other fixes, for example for access violations in + Mat_VarPrint. + + matio +
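Review bot: In the matio subproject hunk, the pointer moves from a301162 to cab79b5, but nothing in the diff ties cab79b5 to the 1.5.29 release that the _patchinfo description names. Please state in the commit message or request description which upstream version the new subproject commit corresponds to, so a reviewer can confirm that the fixes for CVE-2025-2337 and CVE-2025-2338 are actually contained in it.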
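Review bot: In the new _patchinfo, the 1.5.29 entry of the description words CVE-2025-2337 differently from the issue title: the description says "Fix array index out of bounds in Mat_VarPrint when printing UTF-8 character data", while the title says "heap buffer overflow in function Mat_VarPrint of file src/mat.c". Using one wording in both places would make it easier to match the advisory text to the tracked issue. The line "Several other fixes, for example for access violations in Mat_VarPrint" also appears under both the 1.5.29 and the 1.5.28 entries; please check that it is meant for both versions and was not carried over when the newer entry was written.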