A security issue in xerces-c has been announced today (May 9):
http://openwall.com/lists/oss-security/2016/05/09/7
There is a proposed patch on the upstream bug report:
https://issues.apache.org/jira/browse/XERCESC-2066
Mageia 5 is also affected.
Whiteboard: (none) => MGA5TOO
Assigning to all packagers collectively, since there is no maintainer for this package.
CC: (none) => makowski.mageia, marja11
Assignee: bugsquad => pkg-bugs
Debian-LTS has issued an advisory for this on May 12: http://lwn.net/Alerts/687206/
URL: (none) => http://lwn.net/Vulnerabilities/687229/
Patched packages uploaded for Mageia 5 and Cauldron.
Testing ideas in Bug 17820.
Advisory:
========================
Updated xerces-c packages fix security vulnerability:
Gustavo Grieco discovered a use-after-free vulnerability in xerces-c, due to not properly handling invalid characters in XML input documents in the DTDScanner (CVE-2016-2099).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2099
https://www.debian.org/security/2016/dsa-3579
========================
Updated packages in core/updates_testing:
========================
xerces-c-3.1.2-1.2.mga5
libxerces-c3.1-3.1.2-1.2.mga5
libxerces-c-devel-3.1.2-1.2.mga5
xerces-c-doc-3.1.2-1.2.mga5
from xerces-c-3.1.2-1.2.mga5.src.rpm
Version: Cauldron => 5
Assignee: pkg-bugs => qa-bugs
Whiteboard: MGA5TOO => has_procedure
Tested this package before. Hope to get round to testing it later today.
CC: (none) => tarazed25
Put enigma through its paces before updating and ran the parser program on a sample XML file. Updated and found that enigma continued to work - an addictive game that - and the parser also functioned. Reckon this is OK.
Created attachment 7814
Simple parser program to be run on the sample file
Original C++ code is omitted because it was copied from github so there might be intellectual property rights attached to it. This looks for sample.xml.
$ ./parser
Application option A=10
Application option B=24
Whiteboard: has_procedure => has_procedure MGA5-64-OK
Created attachment 7815
Simple XML file with two stanzas
This goes with the parser program.
Keywords: (none) => validated_update
Whiteboard: has_procedure MGA5-64-OK => has_procedure MGA5-64-OK advisory
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0189.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED