SUSE has issued an advisory on September 6:
https://lists.opensuse.org/opensuse-security-announce/2017-09/msg00015.html

Mageia 5 is probably also affected. It doesn't look like fixes for most of these have been committed upstream yet.
Whiteboard: (none) => MGA5TOO
Assigning to all packagers collectively, since there is no registered maintainer for this package.
Assignee: bugsquad => pkg-bugs
CC: (none) => marja11
openSUSE has issued an advisory for this on September 8: https://lists.opensuse.org/opensuse-updates/2017-09/msg00031.html
There is also CVE-2017-6311 from this Ubuntu advisory from today (September 18): https://usn.ubuntu.com/usn/usn-3418-1/
Mageia 6 already had the commits for CVE-2017-2862, CVE-2017-2870, and CVE-2017-6311 in 2.36.10.
Advisory:
========================

Updated gdk-pixbuf2.0 packages fix security vulnerabilities:

JPEG gdk_pixbuf__jpeg_image_load_increment Code Execution Vulnerability (CVE-2017-2862).

tiff_image_parse Code Execution Vulnerability (CVE-2017-2870).

Ariel Zelivansky discovered that the GDK-PixBuf library did not properly handle printing certain error messages. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service (CVE-2017-6311).

Out-of-bounds read on io-ico.c (CVE-2017-6312).

A dangerous integer underflow in io-icns.c (CVE-2017-6313).

Infinite loop in io-tiff.c (CVE-2017-6314).

Note, the CVE-2017-2862, CVE-2017-2870, and CVE-2017-6311 issues only affected Mageia 5.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6311
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6312
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6313
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6314
https://usn.ubuntu.com/usn/usn-3418-1/
https://lists.opensuse.org/opensuse-updates/2017-09/msg00031.html
========================

Updated packages in core/updates_testing:
========================
gdk-pixbuf2.0-2.32.3-1.1.mga5
libgdk_pixbuf2.0_0-2.32.3-1.1.mga5
libgdk_pixbuf2.0-devel-2.32.3-1.1.mga5
libgdk_pixbuf-gir2.0-2.32.3-1.1.mga5
gdk-pixbuf2.0-2.36.10-1.1.mga6
libgdk_pixbuf2.0_0-2.36.10-1.1.mga6
libgdk_pixbuf2.0-devel-2.36.10-1.1.mga6
libgdk_pixbuf-gir2.0-2.36.10-1.1.mga6

from SRPMS:
gdk-pixbuf2.0-2.32.3-1.1.mga5.src.rpm
gdk-pixbuf2.0-2.36.10-1.1.mga6.src.rpm
Assignee: pkg-bugs => qa-bugs
To prioritise.
MGA5-32 on Dell Latitude D600 Xfce
No installation issues
Ref to bug 21658 Comment 7 for a test
$ convert 1973.jpg -colorspace Gray grayslide1.jpg
produces a perfect grayslide viewed in ristretto.
CC: (none) => herman.viaene
Whiteboard: MGA5TOO => MGA5TOO MGA5-32-OK
Keywords: (none) => advisory
CC: (none) => davidwhodgins
Similar testing on MGA5 x86_64. Validating the update.
Keywords: (none) => validated_update
Whiteboard: MGA5TOO MGA5-32-OK => MGA5TOO MGA5-32-OK MGA5-64-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0016.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED
*** Bug 25904 has been marked as a duplicate of this bug. ***
CC: (none) => zombie.ryushu