openSUSE has issued an advisory today (August 17): https://lists.opensuse.org/opensuse-updates/2017-08/msg00076.html Mageia 6 is also affected. Mageia 5 may be as well.
Whiteboard: (none) => MGA6TOO, MGA5TOO
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC: (none) => marja11Assignee: bugsquad => pkg-bugs
Version: Cauldron => 6CC: (none) => mageiaWhiteboard: MGA6TOO, MGA5TOO => MGA5TOO
this bug is not valid on mga5. Pushed in updates_testing of mga6 src.rpm: taglib-1.11.1-1.1.mga6
Whiteboard: MGA5TOO => (none)Assignee: pkg-bugs => qa-bugs
Advisory: ======================== Updated taglib packages fix security vulnerability: Denial of service vulnerability via specially crafted ID3v2 data (CVE-2017-12678). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12678 https://lists.opensuse.org/opensuse-updates/2017-08/msg00076.html ======================== Updated packages in core/updates_testing: ======================== libtaglib1-1.11.1-1.1.mga6 libtaglib_c0-1.11.1-1.1.mga6 libtaglib-devel-1.11.1-1.1.mga6 from taglib-1.11.1-1.1.mga6.src.rpm
Testing OK on Mageia 6 x86_64, via clementine which makes use of taglib: $ ldd /usr/bin/clementine | grep libtag.so.1 libtag.so.1 => /lib64/libtag.so.1 (0x00007f95ca52d000) Reading and modifying tags work in Clementine.
Whiteboard: (none) => MGA6-64-OK
Validating, advisory uploaded.
Keywords: (none) => validated_updateWhiteboard: MGA6-64-OK => advisory MGA6-64-OKCC: (none) => sysadmin-bugs
Update ID assignment failed Checking for QA validation keyword⦠â Checking dependent bugs⦠â (None found) Checking SRPMs⦠â (6/core/taglib-1.11.1-1.mga6) 'validated_update' keyword reset.
Keywords: validated_update => (none)
Advisory fixed.
Keywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0286.html
Status: NEW => RESOLVEDResolution: (none) => FIXED