CVE-2021-46790: ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5d92ff672b56bffd9333062940964bb79e228ead commit 5d92ff672b56bffd9333062940964bb79e228ead Author: Mike Gilbert <floppym@gentoo.org> AuthorDate: 2022-05-02 21:16:13 +0000 Commit: Mike Gilbert <floppym@gentoo.org> CommitDate: 2022-05-02 21:16:13 +0000 sys-fs/ntfs3g: disable "quarantined" utilities Upstream doesn't really support these programs. If someone really needs them, we can restore them behind a masked USE flag. Bug: https://bugs.gentoo.org/842222 Signed-off-by: Mike Gilbert <floppym@gentoo.org> sys-fs/ntfs3g/{ntfs3g-2021.8.22-r3.ebuild => ntfs3g-2021.8.22-r4.ebuild} | 1 - 1 file changed, 1 deletion(-)
The offending code has been dropped with a straight-to-stable revbump.
All done, thanks!