Fedora has issued an advisory on April 17: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JP37EMDUZGFO2KTU74CCRBYDBGUGHQIZ/ The issue was fixed upstream in 2.0.47. Mageia 5 is also affected (but doesn't need to be updated).
CC: (none) => geiger.david68210, rverschelde
Done!
Advisory:
========================

Updated anki package fixes security vulnerability:

Anki 2.0.47 fixes a security issue in .apkg imports.

References:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JP37EMDUZGFO2KTU74CCRBYDBGUGHQIZ/
========================

Updated packages in core/updates_testing:
========================
anki-2.0.47-1.mga6

from anki-2.0.47-1.mga6.src.rpm
Assignee: bugsquad => qa-bugs
MGA6-32 on Dell Latitude D600 MATE
No installation issues.
Started anki at CLI, downloaded a file of geography cards and imported that one in anki, and played the cards. Works OK AFAICS.
The help function was quite useful for me to get going.
Whiteboard: (none) => MGA6-32-OK
CC: (none) => herman.viaene
Testing M6 x64

Anki: Flashcard program for using space repetition learning
https://apps.ankiweb.net/docs/manual.html
is a very good page telling you how to do everything. Including how to download & import a card deck.

BEFORE update: anki-2.0.45-1.mga6
Installed this, which made 72 pkgs including both Qt4 & Qt5 python thingies. It is in the Education menu. Followed its instructions to add a new deck (opens a browser; no need to Login or Sign up - the Download button is lower down), downloaded & imported it. Played a little.

AFTER update: anki-2.0.47-1.mga6.noarch
It retained its first deck. I downloaded & imported another, which seemed odd as the questions were statements, with blank answers; perhaps designed to add one's own notes. Imported yet another deck, and that worked OK - as did the original one. Looks OK.

Advisory done from comment 2, but:
- no CVE.
- The Fedora reference cites the following things; are they included in this update (the security issue apart)? Should they be mentioned?:

Update to new upstream release 2.0.50.
* fix a security issue in .apkg imports
* fix a problem with plugin download
* use python send2trash module from system
* use correct shebang for python2
* upstream changelog:
Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OK
Keywords: (none) => advisory, validated_update
CC: (none) => lewyssmith, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0216.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED