Bug 29218

Summary: djvulibre new security issue CVE-2021-3630
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Nicolas Salguero <nicolas.salguero>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: 7   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: djvulibre-3.5.27-5.3.mga7.src.rpm CVE:
Status comment: Patch available from upstream and Debian

Description David Walser 2021-07-04 20:56:36 CEST 
Debian-LTS has issued an advisory today (July 4):
https://www.debian.org/lts/security/2021/dla-2702

Mageia 8 is also affected.
David Walser 2021-07-04 20:57:01 CEST

CC: (none) => nicolas.salguero
Whiteboard: (none) => MGA8TOO
Status comment: (none) => Patch available from upstream and Debian

Comment 1 Lewis Smith 2021-07-04 21:04:27 CEST 
This is a re-run of bug 29000, for which NicolasS did the patches; so assigning this also to you (ex CC).

Assignee: bugsquad => nicolas.salguero
CC: nicolas.salguero => (none)

Comment 2 Nicolas Salguero 2021-07-05 10:53:55 CEST 
Hi,

I checked djvulibre-3.5.28-1.1.mga8 and I saw that the patch from Debian is already applied so I think CVE-2021-3630 is already fixed.

Best regards,

Nico.
Comment 3 David Walser 2021-07-05 18:07:58 CEST 
Ahh, yes it's supposed to be fixed in 3.5.28.  Only Mageia 7 is affected.

Whiteboard: MGA8TOO => (none)
Version: Cauldron => 7
Source RPM: djvulibre-3.5.28-1.1.mga8.src.rpm => djvulibre-3.5.27-5.3.mga7.src.rpm
Status: NEW => RESOLVED
Resolution: (none) => OLD