Bug 21046

Summary: raptor2 two new heap overflow security issues fixed upstream (CVE-2017-18926)
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: normal
Priority: Normal
CC: davidwhodgins, herman.viaene, lewyssmith, marja11, sysadmin-bugs
Version: 5
Keywords: advisory, validated_update
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: MGA5-32-OK
Source RPM: raptor2-2.0.15-1.mga5.src.rpm
CVE:
Status comment:

Description David Walser 2017-06-08 03:07:30 CEST
An upstream fix for two heap overflows in raptor2 has been announced:
http://openwall.com/lists/oss-security/2017/06/07/1

Freeze push requested for Cauldron.

Patch added in Mageia 5 SVN.

Comment 1 Marja Van Waes 2017-06-08 23:19:08 CEST
Assigning to all packagers collectively, since there is no registered maintainer for this package.

CC: (none) => marja11
Assignee: bugsquad => pkg-bugs

Comment 2 David Walser 2017-12-28 06:12:03 CET
Advisory:
========================

Updated raptor2 packages fix security vulnerabilities:

The raptor2 package has been patched to fix two heap buffer overflows.

References:
http://openwall.com/lists/oss-security/2017/06/07/1
========================

Updated packages in core/updates_testing:
========================
raptor2-2.0.15-1.1.mga5
libraptor2_0-2.0.15-1.1.mga5
libraptor2-devel-2.0.15-1.1.mga5

from raptor2-2.0.15-1.1.mga5.src.rpm

Assignee: pkg-bugs => qa-bugs

Comment 3 Lewis Smith 2017-12-30 12:00:21 CET
To prioritise.

Dave Hodgins 2017-12-31 12:56:34 CET

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 4 Herman Viaene 2018-01-02 15:48:14 CET
MGA5-32 on Dell Latitude D600 Xfce
No installation issues
Downloaded some rdf example files from https://www.w3.org/2000/10/rdf-tests/ and tried one.
$ rapper ms_4.1_1.rdf 
rapper: Parsing URI file:///home/tester5/Downloads/rdf/ms_4.1_1.rdf with parser rdfxml
rapper: Serializing with serializer ntriples
_:genid1 <http://www.w3.org/1999/02/22-rdf-syntax-ns#subject> <http://www.w3.org/Home/Lassila> .
_:genid1 <http://www.w3.org/1999/02/22-rdf-syntax-ns#predicate> <http://description.org/schema/Creator> .
_:genid1 <http://www.w3.org/1999/02/22-rdf-syntax-ns#object> "Ora Lassila" .
_:genid1 <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://www.w3.org/1999/02/22-rdf-syntax-ns#Statement> .
_:genid1 <http://description.org/schema/attributedTo> "Ralph Swick" .
rapper: Parsing returned 5 triples
Looks OK

Whiteboard: (none) => MGA5-32-OK
CC: (none) => herman.viaene

Lewis Smith 2018-01-03 10:44:08 CET

Keywords: (none) => validated_update
CC: (none) => lewyssmith, sysadmin-bugs

Comment 5 Mageia Robot 2018-01-03 11:33:14 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0028.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Comment 6 David Walser 2020-11-11 00:17:25 CET
This is CVE-2017-18926:
https://www.debian.org/security/2020/dsa-4785

Summary: raptor2 two new heap overflow security issues fixed upstream => raptor2 two new heap overflow security issues fixed upstream (CVE-2017-18926)