Fedora has issued an advisory on November 19: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5WXLQV64VNFUPCU35REYCOVZFDFAQDLH/ The issue was fixed upstream in 0.14. Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO, MGA5TOO
Assigning to the registered maintainer.
CC: (none) => marja11Assignee: bugsquad => mageia
Advisory: ======================== Updated jbig2dec packages fix security vulnerability: libjbig2dec.a in Artifex jbig2dec 0.13 has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file (CVE-2017-9216). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9216 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5WXLQV64VNFUPCU35REYCOVZFDFAQDLH/ ======================== Updated packages in core/updates_testing: ======================== jbig2dec-0.14-1.mga5 libjbig2dec0-0.14-1.mga5 libjbig2dec-devel-0.14-1.mga5 jbig2dec-0.14-1.mga6 libjbig2dec0-0.14-1.mga6 libjbig2dec-devel-0.14-1.mga6 from SRPMS: jbig2dec-0.14-1.mga5.src.rpm jbig2dec-0.14-1.mga6.src.rpm
Whiteboard: MGA6TOO, MGA5TOO => MGA5TOOAssignee: mageia => qa-bugsVersion: Cauldron => 6
MGA5-32 on Dell Latitude D600 No installation issues Spent some time in vain looking for some simple example, OK-ing as previous version on clean install.
CC: (none) => herman.viaeneWhiteboard: MGA5TOO => MGA5TOO MGA5-32-OK
CC: (none) => davidwhodginsKeywords: (none) => advisory
Validating based on update installing cleanly.
Keywords: (none) => validated_updateWhiteboard: MGA5TOO MGA5-32-OK => MGA5TOO MGA5-32-OK MGA6-64-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0039.html
Status: NEW => RESOLVEDResolution: (none) => FIXED