CVE-2021-45943 (https://github.com/OSGeo/gdal/pull/4944): GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment).
It looks like 3.4.1 will be soon.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=188fd670f4bf39726bc0468d7d21fa4f6b666b22 commit 188fd670f4bf39726bc0468d7d21fa4f6b666b22 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-01-04 11:34:40 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-01-04 11:34:40 +0000 sci-libs/gdal: add 3.4.1 Bug: https://bugs.gentoo.org/830370 Signed-off-by: Sam James <sam@gentoo.org> sci-libs/gdal/Manifest | 1 + sci-libs/gdal/gdal-3.4.1.ebuild | 323 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 324 insertions(+)
Please cleanup
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c9ffd278f8fe238387a6c34cc3697aa6a4db5a5a commit c9ffd278f8fe238387a6c34cc3697aa6a4db5a5a Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2022-02-05 20:27:55 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2022-02-05 20:40:47 +0000 sci-libs/gdal: Cleanup vulnerable 3.3.3 and 3.4.0 Bug: https://bugs.gentoo.org/830370 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> sci-libs/gdal/Manifest | 2 - sci-libs/gdal/gdal-3.3.3.ebuild | 317 --------------------------------------- sci-libs/gdal/gdal-3.4.0.ebuild | 323 ---------------------------------------- 3 files changed, 642 deletions(-)
Thanks!