Upstream has released version 0.31 on May 9, fixing a potential security issue: https://github.com/kazu-yamamoto/pgpdump/blob/master/CHANGES Updated packages uploaded for Mageia 5 and Cauldron. Advisory: ======================== Updated pgpdump package fixes security vulnerability: The pgpdump package has been updated to version 0.31, fixing a buffer overrun. References: https://github.com/kazu-yamamoto/pgpdump/blob/master/CHANGES ======================== Updated packages in core/updates_testing: ======================== pgpdump-0.31-1.mga5 from pgpdump-0.31-1.mga5.src.rpm
You can retry Claire's test from the last update: https://bugs.mageia.org/show_bug.cgi?id=18262#c2
Whiteboard: (none) => has_procedure
Testing M5 x64 Before the update, the test referred to in Comment 1 (thanks David): $ echo -en '\xa3\x03' | pgpdump Old: Compressed Data Packet(tag 8) Comp alg - BZip2(comp 3) pgpdump: can't uncompress without zlib/bzip2. After the update to: pgpdump-0.31-1.mga5 $ echo -en '\xa3\x03' | pgpdump Old: Compressed Data Packet(tag 8) Comp alg - BZip2(comp 3) pgpdump: can't uncompress without zlib/bzip2. Identical output, so OKing this update.
CC: (none) => lewyssmithWhiteboard: has_procedure => has_procedure MGA5-64-OK
Validating. Advisory uploaded.
Keywords: (none) => validated_updateWhiteboard: has_procedure MGA5-64-OK => has_procedure advisory MGA5-64-OK MGA5-32-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0212.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
URL: http://lwn.net/Vulnerabilities/685000/ => http://lwn.net/Vulnerabilities/689717/