openSUSE has issued an advisory on April 6: https://lists.opensuse.org/opensuse-updates/2018-04/msg00002.html Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO, MGA5TOO
Assigning to the registered maintainer.
CC: (none) => marja11Assignee: bugsquad => mageia
Patched packages uploaded for Mageia 5, Mageia 6, and Cauldron. Advisory: ======================== Updated graphite2 packages fix security vulnerability: NULL pointer dereference vulnerability in Segment.cpp that may cause a denial of service (CVE-2018-7999). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7999 https://lists.opensuse.org/opensuse-updates/2018-04/msg00002.html ======================== Updated packages in core/updates_testing: ======================== graphite2-1.3.10-1.1.mga5 libgraphite2_3-1.3.10-1.1.mga5 libgraphite2-devel-1.3.10-1.1.mga5 graphite2-1.3.10-1.1.mga6 libgraphite2_3-1.3.10-1.1.mga6 libgraphite2-devel-1.3.10-1.1.mga6 from SRPMS: graphite2-1.3.10-1.1.mga5.src.rpm graphite2-1.3.10-1.1.mga6.src.rpm
Whiteboard: MGA6TOO, MGA5TOO => MGA5TOOVersion: Cauldron => 6Assignee: mageia => qa-bugs
MGA5-32 on Dell Latitude D600 Xfce No installation issues. Followed bug 20778 Comment 7 for tests On http://scripts.sil.org/cms/scripts/page.php?site_id=projects&item_id=graphite_fontdemo#graphic , the demo page: Installed Padauk, characters seems OK, but washwe option is n otset (no idea how to do this).Awami font does not correspond at all with screenshot - well, it is arabic style, but that's all I can make of. Installed the Libertine fonts and could use these in LibreOffice. OK as far as my knowledge goes.
CC: (none) => herman.viaeneWhiteboard: MGA5TOO => MGA5TOO MGA5-32-OK
Mageia 6, x86_64 CVE-2018-7999 PoC at https://github.com/silnrsi/graphite/issues/22 $ gr2fonttest poc-libgraphite2-segment-null-pointer-dereference.ttf -rtl -j 30 -cache -codes 1000 Text codes 1000 Segmentation fault (core dumped) Downloaded padauk font as a zip file. Unzipped it and installed the TTF versions rather than WOFF, using drakfont. $ ls documentation DOCUMENTATION.txt Padauk-features.pdf Padauk-typesample.pdf Padauk-features.odt Padauk-typesample.odt Moved to the documentation directory and opened the PDFs in xpdf - no problem. LibreOffice displayed the ODT files and rendered the Padauk script OK. On the http://scripts.sil.org/ fontdemo website the locally installed font sample matched the server sample exactly. I would agree with Herman that the comparison samples for Awami Nastaliq are not the same but there are substrings which do match exactly. Downloaded and installed the Libertine and Biolinum fonts and checked that LibreOffice could use them. Updated the packages and ran the PoC. $ gr2fonttest poc-libgraphite2-segment-null-pointer-dereference.ttf -rtl -j 30 -cache -codes 1000 Text codes 1000 Invalid font, failed to read or parse tables No segfault this time. Repeated the tests outlined above. All tests passed.
CC: (none) => tarazed25Whiteboard: MGA5TOO MGA5-32-OK => MGA5TOO MGA5-32-OK MGA6-64-OK
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0240.html
Status: NEW => RESOLVEDResolution: (none) => FIXED