CVE-2022-0699: A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc. Patch: https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed819f
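The bug class named in the report, a double free, illustrated as an added C example. This is constructed code, not shapelib's contrib/shpsort.c and not the patch linked above; the sort_records_* routines, the tracking allocator wrapper and the sample inputs are all assumptions made for the demonstration. It shows the classic error-path shape that releases a buffer twice next to a single-exit rewrite that releases it once, using a tracking free so the defect is counted rather than executed as undefined behaviour.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of the double-free bug class. NOT shapelib's
 * shpsort.c; every routine here is hypothetical. */

#define MAX_TRACKED 16

/* Minimal tracking allocator: remembers each block handed out and whether it
 * is still live, so a second free is counted instead of reaching the real
 * allocator (where it would be undefined behaviour). */
static void *tracked_ptr[MAX_TRACKED];
static int   tracked_live[MAX_TRACKED];
static int   double_free_count;

static void tracked_reset(void)
{
    memset(tracked_ptr, 0, sizeof tracked_ptr);
    memset(tracked_live, 0, sizeof tracked_live);
    double_free_count = 0;
}

static void *tracked_malloc(size_t n)
{
    void *p = malloc(n);
    if (p == NULL)
        return NULL;
    /* malloc may hand back an address we freed earlier: revive that slot. */
    for (int i = 0; i < MAX_TRACKED; i++)
        if (tracked_ptr[i] == p) { tracked_live[i] = 1; return p; }
    for (int i = 0; i < MAX_TRACKED; i++)
        if (tracked_ptr[i] == NULL) { tracked_ptr[i] = p; tracked_live[i] = 1; return p; }
    free(p);                         /* table full: report allocation failure */
    return NULL;
}

static void tracked_free(void *p)
{
    if (p == NULL)
        return;                      /* free(NULL) is always a no-op */
    for (int i = 0; i < MAX_TRACKED; i++) {
        if (tracked_ptr[i] != p)
            continue;
        if (tracked_live[i]) { tracked_live[i] = 0; free(p); }
        else                 double_free_count++;   /* second free of this block */
        return;
    }
}

/* Buggy pattern: the error path releases 'keys', then breaks out into an
 * unconditional cleanup that releases it again. */
static int sort_records_buggy(const int *input, int n)
{
    int *keys = tracked_malloc(sizeof *keys * (size_t)n);
    int rc = 0;
    if (keys == NULL)
        return -1;
    for (int i = 0; i < n; i++) {
        if (input[i] < 0) {          /* invalid key: error path */
            tracked_free(keys);
            rc = -1;
            break;
        }
        keys[i] = input[i];
    }
    tracked_free(keys);              /* double free when the loop broke out */
    return rc;
}

/* Hardened form: one owner, one release point, pointer nulled afterwards. */
static int sort_records_fixed(const int *input, int n)
{
    int *keys = tracked_malloc(sizeof *keys * (size_t)n);
    int rc = 0;
    if (keys == NULL)
        return -1;
    for (int i = 0; i < n; i++) {
        if (input[i] < 0) { rc = -1; goto cleanup; }   /* cleanup owns the free */
        keys[i] = input[i];
    }
    /* ... sorting of keys would happen here ... */
cleanup:
    tracked_free(keys);
    keys = NULL;                     /* any later free(keys) is harmless */
    return rc;
}

/* Runs one routine under the tracking allocator and reports how many double
 * frees it triggered. */
static int count_double_frees(int (*fn)(const int *, int), const int *input, int n)
{
    tracked_reset();
    (void)fn(input, n);
    return double_free_count;
}

/* Constructed sample inputs; the negative key forces the error path. */
static const int sample_valid[]   = { 3, 1, 2 };
static const int sample_invalid[] = { 3, -1, 2 };

int main(void)
{
    printf("buggy, valid input:   %d double free(s)\n", count_double_frees(sort_records_buggy, sample_valid, 3));
    printf("buggy, invalid input: %d double free(s)\n", count_double_frees(sort_records_buggy, sample_invalid, 3));
    printf("fixed, invalid input: %d double free(s)\n", count_double_frees(sort_records_fixed, sample_invalid, 3));
    return 0;
}
```

The tracking wrapper is only a teaching device; in real builds the same class of defect is surfaced by AddressSanitizer or a hardened allocator, and the structural fix is the one shown in sort_records_fixed: a single release point on every exit path and nulling the pointer after release.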
Ping. Any reason we cannot apply the patch mentioned in the comment?
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3431299ebe0ad8b9bfa4879b90971f58dc71ff30

commit 3431299ebe0ad8b9bfa4879b90971f58dc71ff30
Author:     Christopher Fore <csfore@posteo.net>
AuthorDate: 2024-04-22 22:56:24 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-05-03 11:23:09 +0000

    sci-libs/shapelib: add 1.6.0, security bump

    - Bump subslot (now installs as libshp.so.4)
    - Tests pass
    - Bump to EAPI 8
    - Convert SRC_URI to HTTPS
    - Convert econf args to array

    Bug: https://bugs.gentoo.org/877605
    Signed-off-by: Christopher Fore <csfore@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/36367
    Signed-off-by: Sam James <sam@gentoo.org>

 sci-libs/shapelib/Manifest              |  1 +
 sci-libs/shapelib/shapelib-1.6.0.ebuild | 38 +++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+)