CVE-2023-45897: exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in read_file_dentry_set. Seemingly in fsck.exfat, fix is in 1.2.2 according to release notes. Please bump.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a4659b0e2e29cd636376fc58b1e256ed3b3ea366

commit a4659b0e2e29cd636376fc58b1e256ed3b3ea366
Author: Sam James <sam@gentoo.org>
AuthorDate: 2023-11-30 04:07:53 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-11-30 04:07:53 +0000

    sys-fs/exfatprogs: add 1.2.2

    Bug: https://bugs.gentoo.org/916507
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-fs/exfatprogs/Manifest | 1 +
 sys-fs/exfatprogs/exfatprogs-1.2.2.ebuild | 25 +++++++++++++++++++++++++
 sys-fs/exfatprogs/exfatprogs-9999.ebuild | 4 ++--
 3 files changed, 28 insertions(+), 2 deletions(-)