Fedora has issued an advisory on April 6:
The issue is fixed upstream in 3.4.1.
The issue description in the RedHat bug makes it sound like the issue was introduced in 3.3.0, but Fedora patched 3.2.2 in this update, so 3.1.3 may also be affected.
Updates to this SRPM have been done by various people, so assigning this one globally.
We have the following versions since 3.1.3 in Cauldron:
3.2.2, 3.3.0, 3.3.1, 3.3.3, 3.4.0, 3.4.1, 3.4.2.
The updated packages fix a security vulnerability:
GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment). (CVE-2021-45943)
Updated packages in core/updates_testing:
MGA8-64 Plasma on Lenovo B50 in Dutch
No installation issues.
Ref bug 25809 Comment 9 for testing:
Created smal navigation file meierhoek.mdc by drawing some waypoints in merkaartor and saved the file, reopened it to be sure all was there: OK
$ gdalinfo --version
GDAL 3.1.3, released 2020/09/01
$ gdalsrsinfo meierhoek.mdc
PROJ.4 : +proj=longlat +datum=WGS84 +no_defs
OGC WKT2:2018 :
DATUM["World Geodetic System 1984",
$ ogrinfo meierhoek.mdc
INFO: Open of `meierhoek.mdc'
using driver `OSM' successful.
1: points (Point)
2: lines (Line String)
3: multilinestrings (Multi Line String)
4: multipolygons (Multi Polygon)
5: other_relations (Geometry Collection)
Looks all good to me.
Validating. Advisory in Comment 2.
An update for this issue has been pushed to the Mageia Updates repository.