CVE-2021-20307: Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values. Fixed in 2.9.20 according to URL. Please bump.
Version bumped in https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b484fbfdb63b002ca7467e501fc1760de2cc6f43
Thank you! Please stabilize when ready.
Ping
arm64 done
amd64 done
x86 done all arches done
Please cleanup.
(In reply to Sam James from comment #7) > Please cleanup. Done https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ed40409965667299d2d28c25560d24f2cfc6c8c0
(In reply to Markus Meier from comment #8) > (In reply to Sam James from comment #7) > > Please cleanup. > > Done > https://gitweb.gentoo.org/repo/gentoo.git/commit/ > ?id=ed40409965667299d2d28c25560d24f2cfc6c8c0 Thanks!
GLSA request filed.
This issue was resolved and addressed in GLSA 202107-47 at https://security.gentoo.org/glsa/202107-47 by GLSA coordinator John Helmert III (ajak).