An upstream fix for two heap overflows in raptor2 has been announced: http://openwall.com/lists/oss-security/2017/06/07/1 Freeze push requested for Cauldron. Patch added in Mageia 5 SVN.
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC: (none) => marja11Assignee: bugsquad => pkg-bugs
Advisory: ======================== Updated raptor2 packages fix security vulnerabilities: The raptor2 package has been patched to fix two heap buffer overflows. References: http://openwall.com/lists/oss-security/2017/06/07/1 ======================== Updated packages in core/updates_testing: ======================== raptor2-2.0.15-1.1.mga5 libraptor2_0-2.0.15-1.1.mga5 libraptor2-devel-2.0.15-1.1.mga5 from raptor2-2.0.15-1.1.mga5.src.rpm
Assignee: pkg-bugs => qa-bugs
To prioritise.
CC: (none) => davidwhodginsKeywords: (none) => advisory
MGA5-32 on Dell Latitude D600 Xfce No installation issues Downloaded some rdf example files from https://www.w3.org/2000/10/rdf-tests/ and tried one. $ rapper ms_4.1_1.rdf rapper: Parsing URI file:///home/tester5/Downloads/rdf/ms_4.1_1.rdf with parser rdfxml rapper: Serializing with serializer ntriples _:genid1 <http://www.w3.org/1999/02/22-rdf-syntax-ns#subject> <http://www.w3.org/Home/Lassila> . _:genid1 <http://www.w3.org/1999/02/22-rdf-syntax-ns#predicate> <http://description.org/schema/Creator> . _:genid1 <http://www.w3.org/1999/02/22-rdf-syntax-ns#object> "Ora Lassila" . _:genid1 <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://www.w3.org/1999/02/22-rdf-syntax-ns#Statement> . _:genid1 <http://description.org/schema/attributedTo> "Ralph Swick" . rapper: Parsing returned 5 triples Looks OK
Whiteboard: (none) => MGA5-32-OKCC: (none) => herman.viaene
Keywords: (none) => validated_updateCC: (none) => lewyssmith, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0028.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
This is CVE-2017-18926: https://www.debian.org/security/2020/dsa-4785
Summary: raptor2 two new heap overflow security issues fixed upstream => raptor2 two new heap overflow security issues fixed upstream (CVE-2017-18926)