openSUSE has issued an advisory on May 25:
https://lists.opensuse.org/opensuse-updates/2018-05/msg00114.html

Mageia 5 and Mageia 6 are also affected.

The SUSE bug has more details:
https://bugzilla.suse.com/show_bug.cgi?id=1072193
Assigning to the registered maintainer.
Assignee: bugsquad => shlomif
CC: (none) => marja11
Fedora has issued an advisory today (November 9):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DHAC6XIATCPVSWFNBGGL2MRSBMN2F7D5/

The issue is fixed upstream in 64.1.
Severity: normal => major
Summary: icu new security issue CVE-2017-17484 => icu new security issues CVE-2017-17484 and CVE-2018-18928
Whiteboard: (none) => MGA6TOO
QA Contact: (none) => security
Component: RPM Packages => Security
Whiteboard: MGA6TOO => MGA7TOO, MGA6TOO
Re-assigning globally due to change to no specific maintainer.
Assignee: shlomif => pkg-bugs
CC: (none) => cjw, thierry.vignaud
Mga 6 is EOL and CVE-2017-17484 is already fixed in ICU 63.1.
Source RPM: icu-59.1-6.mga7.src.rpm => icu-63.1-1.mga7.src.rpm
CVE: (none) => CVE-2018-18928
Whiteboard: MGA7TOO, MGA6TOO => (none)
Summary: icu new security issues CVE-2017-17484 and CVE-2018-18928 => icu new security issue CVE-2018-18928
CC: (none) => nicolas.salguero
Version: Cauldron => 7
Suggested advisory:
========================

The updated packages fix a security vulnerability:

International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp. (CVE-2018-18928)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18928
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DHAC6XIATCPVSWFNBGGL2MRSBMN2F7D5/
========================

Updated packages in core/updates_testing:
========================
icu-63.1-1.1.mga7
icu63-data-63.1-1.1.mga7
icu-doc-63.1-1.1.mga7
lib(64)icu63-63.1-1.1.mga7
lib(64)icu-devel-63.1-1.1.mga7

from SRPMS:
icu-63.1-1.1.mga7.src.rpm
Status: NEW => ASSIGNED
Assignee: pkg-bugs => qa-bugs
MGA7-64 Plasma on Lenovo B50. No installation issues. Followed wiki, installed openttd and got as far as building a bus station. Good enough for me.
Whiteboard: (none) => MGA7-64-OK
CC: (none) => herman.viaene
Validating. Advisory in Comment 5.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Keywords: (none) => advisory
CC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2019-0353.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED