CVE-2022-1304 (https://bugzilla.redhat.com/show_bug.cgi?id=2069726): An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.
Ts'o says he's applied this, but I don't see it in git yet: https://lore.kernel.org/linux-ext4/20220421173148.20193-1-lczerner@redhat.com/
Looks like there's a set of Ted patches for fuzzing issues:
https://lore.kernel.org/all/20220607042444.1798015-6-tytso@mit.edu/T/
Czerner's patch ended up in git as ab51d587bb9b229b1fade1afd02e1574c1ba5c76 unreleased afaict
(In reply to John Helmert III from comment #2)
> Looks like there's a set of Ted patches for fuzzing issues:
>
> https://lore.kernel.org/all/20220607042444.1798015-6-tytso@mit.edu/T/
>
> Czerner's patch ended up in git as ab51d587bb9b229b1fade1afd02e1574c1ba5c76
> unreleased afaict
~/git/e2fsprogs $ git tag --contains ab51d58
v1.46.6-rc1