Fedora has issued advisories on January 2: https://lists.fedoraproject.org/pipermail/package-announce/2014-January/126364.html https://lists.fedoraproject.org/pipermail/package-announce/2014-January/126366.html https://lists.fedoraproject.org/pipermail/package-announce/2014-January/126365.html The issue appears to be fixed in versions: gnome-chemistry-utils 0.14.5 gnumeric 1.12.9 goffice 0.10.9 So Cauldron would need an update for gnome-chemistry-utils, and Mageia 3 for all three of them. Reproducible: Steps to Reproduce:
CC: (none) => fundawang, olavWhiteboard: (none) => MGA3TOO
Blocks: (none) => 11726
gnome-chemistry-utils updated in mga4, freeze push asked I'm working on update for mga3
CC: (none) => makowski.mageia
Thanks. I don't see a freeze push request on the mailing list.
gnome-chemistry-utils-0.14.5-2.mga4 uploaded for Cauldron. Thanks Philippe!
Version: Cauldron => 3Blocks: 11726 => (none)Whiteboard: MGA3TOO => (none)
Advisory: ======================== Updated gnome-chemistry-utils,gnumeric and goffice packages that fix one security issue Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a crafted xls file with a crafted length value. (CVE-2013-6836) References https://bugzilla.redhat.com/show_bug.cgi?id=1044857 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6836 https://bugs.mageia.org/show_bug.cgi?id=12294 ======================== Updated packages in core/updates_testing: ======================== gnome-chemistry-utils-gnumeric-0.14.5-1.mga3 gnome-chemistry-utils-0.14.5-1.mga3 gchem3d-0.14.5-1.mga3 gchempaint-0.14.5-1.mga3 libgcu0.14_0-0.14.5-1.mga3 gspectrum-0.14.5-1.mga3 libgcrystal0.14_0-0.14.5-1.mga3 gchemtable-0.14.5-1.mga3 gnome-chemistry-utils-goffice-0.14.5-1.mga3 gnome-chemistry-utils-devel-0.14.5-1.mga3 gcrystal-0.14.5-1.mga3 libgchempaint0.14_0-0.14.5-1.mga3 gnome-chemistry-utils-debuginfo-0.14.5-1.mga3 gnome-chemistry-utils-common-0.14.5-1.mga3 gchemcalc-0.14.5-1.mga3 gnumeric-1.12.9-1.mga3 libspreadsheet1.12.9-1.12.9-1.mga3 gnumeric-debuginfo-1.12.9-1.mga3 libspreadsheet-devel-1.12.9-1.mga3 libgoffice0.10_10-0.10.9-1.mga3 goffice-0.10.9-1.mga3 libgoffice0.10-devel-0.10.9-1.mga3 goffice-0.10.9-1.mga3.x86_64 from gnome-chemistry-utils-0.14.5-1.mga3.src gnumeric-1.12.9-1.mga3.src goffice-0.10.9-1.mga3.src
Assignee: bugsquad => qa-bugs
I'll have a look at it on i586. Don't understand what the issues are, but I can check for regressions. I'll put a link to the web page with user manuals for the gnome-chemistry-utils components on a procedure page on the wiki. Carolyn
CC: (none) => isolde
I tried out Gnumeric and did a few basic things like formatting for currency,formulae for adding and multiplying groups of cells, merging and centering cells, inserting the current date and time, saving and opening. I also tried various views in the periodic table viewer and entered some formulae in GChemCalc and viewed the results. No regressions noticed after update. Ill mark this as OK for 32-bit unless someone can come up with some more specific tests that need doing. Carolyn
Whiteboard: (none) => MGA3-32-OK
Testing complete Mageia 4 x86_64, checking for obvious regressions.
CC: (none) => remiWhiteboard: MGA3-32-OK => MGA3-32-OK MGA3-64-OK
Validating update, advisory has been uploaded. Please push to 3 core/updates.
Keywords: (none) => validated_updateWhiteboard: MGA3-32-OK MGA3-64-OK => MGA3-32-OK MGA3-64-OK advisoryCC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0086.html
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED