Ubuntu has issued an advisory today (October 12): https://www.ubuntu.com/usn/usn-3101-1/ Ubuntu has patches and it was fixed upstream (no commit link available in the Launchpad bug).
Whiteboard: (none) => MGA5TOO
cauldron is not affected. Update pushed in mga5 updates_testing SRPMS: tracker-1.2.5-1.1.mga5
Whiteboard: MGA5TOO => (none)CC: (none) => mageiaVersion: Cauldron => 5Assignee: shlomif => qa-bugs
Advisory: ======================== Updated tracker packages fix security vulnerability: It was discovered that Tracker incorrectly handled certain malformed GIF images. If a user or automated system were tricked into downloading a specially-crafted GIF image, Tracker could crash, resulting in a denial of service. References: https://www.ubuntu.com/usn/usn-3101-1/ ======================== Updated packages in core/updates_testing: ======================== tracker-1.2.5-1.1.mga5 nautilus-tracker-1.2.5-1.1.mga5 libtracker1.0_0-1.2.5-1.1.mga5 libtracker-devel-1.2.5-1.1.mga5 libtracker-gir1.0-1.2.5-1.1.mga5 tracker-vala-1.2.5-1.1.mga5 tracker-docs-1.2.5-1.1.mga5 from tracker-1.2.5-1.1.mga5.src.rpm
Whiteboard: (none) => advisoryCC: (none) => davidwhodgins
MGA5-32 on AcerD620 Xfce No installation issues Using at CLI $ tracker-stats Statistieken: nao:Tag = 1 nco:Contact = 1 rdfs:Class = 235 rdfs:Resource = 1035 but trying tracker-info -cif <somefile> just returns two blank lines Not sure what this thing is supposed to do.
CC: (none) => herman.viaene
Before testing M5_64 I already had or added these pkgs:- lib64tracker1.0_0-1.2.5-1.mga5 lib64tracker-gir1.0-1.2.5-1.mga5 nautilus-tracker-1.2.5-1.mga5 tracker-1.2.5-1.mga5 I declined to add 'tracker-vala' because it wanted loads of dependancies, and is to do with development. The Tracker project home page:- https://wiki.gnome.org/Projects/Tracker The "What is Tracker?", "Features", "Getting Started", "First 5 minutes with Tracker" pages give an idea what it is about. The First_5_minutes one notes: "Tracker is started when you log in. This usually means that after installing it in your distribution you need to log out and in again." The Getting_Started one lists several try-able commands, all with man pages:- $ tracker-control Manage Tracker processes and data $ tracker-info Retrieve all information available for a certain file $ tracker-search Search all content for keywords $ tracker-stats Provides statistics on the data indexed $ tracker-tag Add, remove and list tags The site also mentions a command 'tracker' which does not seem to exist. In addition are mentioned two small GUIs (which work):- $ tracker-preferences to edit the Tracker configuration for what's indexed and where $ tracker-needle a search application covering tags, music, emails, images, documents and more No shortage of things to play with...
CC: (none) => lewyssmith
Played around with tracker-search -i IMG* tracker-needle tracker-preferences tracker-info IMG_0010.jpg all seems to work OK
Whiteboard: advisory => advisory MGA5-32-OK
Testing M5 x64 BEFORE update, version 1.2.5-1 Used a little the issued Tracker as identified in Comment 4, most commands, GUIs. Since most commands seem to work with filenames, 'find -name' would often do... However, this does find files with a given *content*, even in a PDF. AFTER update to: lib64tracker-gir1.0-1.2.5-1.1.mga5 lib64tracker1.0_0-1.2.5-1.1.mga5 nautilus-tracker-1.2.5-1.1.mga5 tracker-1.2.5-1.1.mga5 logged out/in. Tried most things again, results similar. Looks OK. Validating; advisory already in place.
Keywords: (none) => validated_updateWhiteboard: advisory MGA5-32-OK => advisory MGA5-32-OK MGA5-64-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0432.html
Status: NEW => RESOLVEDResolution: (none) => FIXED