Debian has issued an advisory today (August 29): https://www.debian.org/security/2017/dsa-3958 The fixes may have been included in the version in Cauldron (we'll have to check), but at least Mageia 5 and Mageia 6 are affected.
Whiteboard: (none) => MGA6TOO, MGA5TOO
Assignee: bugsquad => rverschelde
Cauldron is not affected.
Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO
Version: Cauldron => 6
CC: (none) => mageia
Advisory:
========================

Updated fontforge packages fix security vulnerabilities:

It was discovered that FontForge, a font editor, did not correctly validate its input. An attacker could use this flaw by tricking a user into opening a maliciously crafted OpenType font file, thus causing a denial-of-service via application crash, or execution of arbitrary code (CVE-2017-11568, CVE-2017-11569, CVE-2017-11571, CVE-2017-11572, CVE-2017-11574, CVE-2017-11575, CVE-2017-11576, CVE-2017-11577).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11575
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11577
https://www.debian.org/security/2017/dsa-3958
========================

Updated packages in core/updates_testing:
========================
fontforge-1.0-1.20120731.10.mga5
fontforge-20161012-4.1.mga6
libfontforge-devel-20161012-4.1.mga6

from SRPMS:
fontforge-1.0-1.20120731.10.mga5.src.rpm
fontforge-20161012-4.1.mga6.src.rpm
Assignee: rverschelde => qa-bugs
CC: (none) => rverschelde
CC: (none) => davidwhodgins
Keywords: (none) => advisory
MGA5-32 on Dell Latitude D600 Xfce
No installation issues
Ref to bug 3161 Comment 9:
Copied LiberationSans_Regular to my home.
$ fontforge LiberationSans-Regular.ttf
Copyright (c) 2000-2012 by George Williams.
Executable based on sources from 14:57 GMT 31-Jul-2012-NoPython.
Library based on sources from 14:57 GMT 31-Jul-2012.
Rotated uppercase "Gamma" character 90 degrees and followed prompts of editor to save the ttf file.
$ fontimage -o fonts.png LiberationSans-Regular.ttf
Copyright (c) 2000-2012 by George Williams.
Executable based on sources from 14:57 GMT 31-Jul-2012-NoPython.
Library based on sources from 14:57 GMT 31-Jul-2012.
Checked resulting png file and see rotated character.
OK for me.
Whiteboard: MGA5TOO => MGA5TOO MGA5-32-OK
CC: (none) => herman.viaene
Validating based on fontforge /usr/share/fonts/TTF/liberation/LiberationSans-BoldItalic.ttf working ok.
Whiteboard: MGA5TOO MGA5-32-OK => MGA5TOO MGA5-32-OK MGA6-64-OK MGA5-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0037.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED