A CVE has been assigned for an issue fixed in libksba 1.3.2:
Freeze push requested for Cauldron.
Updated package uploaded for Mageia 3 and Mageia 4.
libksba is used through gnupg2, so that's what you need to use to test this. We have a gnupg test procedure; you just need to use "gpg2" instead of "gpg" as the command to test gnupg2:
This probably isn't the most serious issue in the world, but the testing procedure is quick and easy, so if we're able to get it tested today, then great.
Updated libksba packages fix security vulnerability:
By using special crafted S/MIME messages or ECC based OpenPGP data, it is
possible to create a buffer overflow, which could lead to a denial of service
Updated packages in core/updates_testing:
Steps to Reproduce:
Tested successfully Mageia 3 i586 and Mageia 4 i586 using the encryption/decryption test with gpg2.
MGA3TOO has_procedure =>
MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK
Mageia 4 testing done x64 validated update.
MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK =>
MGA3TOO has_procedure MGA4-64-OK MGA4-32-OK MGA3-64-MGA3-32-OK
Sysadmins push to updates.
Fixing the corrupted whiteboard tag. Thanks for testing.
MGA3TOO has_procedure MGA4-64-OK MGA4-32-OK MGA3-64-MGA3-32-OK =>
MGA3TOO has_procedure MGA4-64-OK MGA4-32-OK MGA3-32-OK
MGA3TOO has_procedure MGA4-64-OK MGA4-32-OK MGA3-32-OK =>
MGA3TOO has_procedure MGA4-64-OK MGA4-32-OK MGA3-32-OK advisory
MGA3TOO has_procedure MGA4-64-OK MGA4-32-OK MGA3-32-OK advisory =>
MGA3TOO has_procedure MGA4-64-OK MGA4-32-OK MGA3-32-OK MGA3-64-OK
MGA3TOO has_procedure MGA4-64-OK MGA4-32-OK MGA3-32-OK MGA3-64-OK =>
MGA3TOO has_procedure advisory MGA4-64-OK MGA4-32-OK MGA3-32-OK MGA3-64-OK
An update for this issue has been pushed to Mageia Updates repository.