| Summary: | tracker new integer overflow security issue | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | davidwhodgins, herman.viaene, lewyssmith, mageia, sysadmin-bugs |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://lwn.net/Vulnerabilities/703330/ | | |
| Whiteboard: | advisory MGA5-32-OK MGA5-64-OK | | |
| Source RPM: | tracker-1.10.0-3.mga6.src.rpm | CVE: | |
| Status comment: | | | |

Description
David Walser
2016-10-12 18:41:13 CEST
David Walser
2016-10-12 18:41:22 CEST
Whiteboard: (none) => MGA5TOO

cauldron is not affected.

Update pushed in mga5 updates_testing

SRPMS:
tracker-1.2.5-1.1.mga5

Whiteboard: MGA5TOO => (none)

Advisory:
========================

Updated tracker packages fix security vulnerability:

It was discovered that Tracker incorrectly handled certain malformed GIF images. If a user or automated system were tricked into downloading a specially-crafted GIF image, Tracker could crash, resulting in a denial of service.

References:
https://www.ubuntu.com/usn/usn-3101-1/
========================

Updated packages in core/updates_testing:
========================
tracker-1.2.5-1.1.mga5
nautilus-tracker-1.2.5-1.1.mga5
libtracker1.0_0-1.2.5-1.1.mga5
libtracker-devel-1.2.5-1.1.mga5
libtracker-gir1.0-1.2.5-1.1.mga5
tracker-vala-1.2.5-1.1.mga5
tracker-docs-1.2.5-1.1.mga5

from tracker-1.2.5-1.1.mga5.src.rpm

Dave Hodgins
2016-11-21 21:52:08 CET
Whiteboard: (none) => advisory

MGA5-32 on AcerD620 Xfce
No installation issues
Using at CLI
$ tracker-stats
Statistieken:
nao:Tag = 1
nco:Contact = 1
rdfs:Class = 235
rdfs:Resource = 1035
but trying tracker-info -cif <somefile> just returns two blank lines
Not sure what this thing is supposed to do.

CC: (none) => herman.viaene

Before testing M5_64 I already had or added these pkgs:-
lib64tracker1.0_0-1.2.5-1.mga5
lib64tracker-gir1.0-1.2.5-1.mga5
nautilus-tracker-1.2.5-1.mga5
tracker-1.2.5-1.mga5
I declined to add 'tracker-vala' because it wanted loads of dependencies, and is to do with development.

The Tracker project home page:-
https://wiki.gnome.org/Projects/Tracker
The "What is Tracker?", "Features", "Getting Started", "First 5 minutes with Tracker" pages give an idea what it is about.

The First_5_minutes one notes:
"Tracker is started when you log in. This usually means that after installing it in your distribution you need to log out and in again."

The Getting_Started one lists several try-able commands, all with man pages:-
$ tracker-control
  Manage Tracker processes and data
$ tracker-info
  Retrieve all information available for a certain file
$ tracker-search
  Search all content for keywords
$ tracker-stats
  Provides statistics on the data indexed
$ tracker-tag
  Add, remove and list tags
The site also mentions a command 'tracker' which does not seem to exist.

In addition are mentioned two small GUIs (which work):-
$ tracker-preferences
  to edit the Tracker configuration for what's indexed and where
$ tracker-needle
  a search application covering tags, music, emails, images, documents and more

No shortage of things to play with...

CC: (none) => lewyssmith

Played around with
tracker-search -i IMG*
tracker-needle
tracker-preferences
tracker-info IMG_0010.jpg
all seems to work OK

Whiteboard: advisory => advisory MGA5-32-OK

Testing M5 x64

BEFORE update, version 1.2.5-1
Used a little the issued Tracker as identified in Comment 4, most commands, GUIs. Since most commands seem to work with filenames, 'find -name' would often do... However, this does find files with a given *content*, even in a PDF.

AFTER update to:
lib64tracker-gir1.0-1.2.5-1.1.mga5
lib64tracker1.0_0-1.2.5-1.1.mga5
nautilus-tracker-1.2.5-1.1.mga5
tracker-1.2.5-1.1.mga5
logged out/in. Tried most things again, results similar. Looks OK.
Validating; advisory already in place.

Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0432.html

Status: NEW => RESOLVED