openSUSE has issued an advisory today (June 13): https://lists.opensuse.org/opensuse-updates/2018-06/msg00084.html Mageia 6 is also affected. Mageia 5 may also be.
Whiteboard: (none) => MGA6TOO
Assigning to all packagers collectively, since there is no registered maintainer for this package. CC'ing some committers.
Assignee: bugsquad => pkg-bugsCC: (none) => geiger.david68210, mageia, marja11, shlomif
Suggested advisory: ======================== The updated packages fix a security vulnerability: The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file. (CVE-2018-11439) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11439 https://lists.opensuse.org/opensuse-updates/2018-06/msg00084.html ======================== Updated package in 5/core/updates_testing: ======================== lib(64)taglib1-1.9.1-4.1.mga5 lib(64)taglib_c0-1.9.1-4.1.mga5 lib(64)taglib-devel-1.9.1-4.1.mga5 from SRPMS: taglib-1.9.1-4.1.mga5.src.rpm Updated package in 6/core/updates_testing: ======================== lib(64)taglib1-1.11.1-1.2.mga6 lib(64)taglib_c0-1.11.1-1.2.mga6 lib(64)taglib-devel-1.11.1-1.2.mga6 from SRPMS: taglib-1.11.1-1.2.mga6.src.rpm
Version: Cauldron => 6CC: (none) => nicolas.salgueroCVE: (none) => CVE-2018-11439Status: NEW => ASSIGNEDWhiteboard: MGA6TOO => MGA5TOOAssignee: pkg-bugs => qa-bugs
MGA5-32 on Dell Latitude D600 Xfce No installation issues. Checked contents of metadata of an .ogg file in audacity. Run eaytag with strace and change a data item in the tags. Libtag found in trace file. Checked contents of metadata again of this .ogg file in audacity. Found change made. Seems OK.
CC: (none) => herman.viaeneWhiteboard: MGA5TOO => MGA5TOO MGA5-32-OK
MGA6-32 on IBM Thinkpad R50e MATE No installation issues. Same test as above Comment 3 using currently official version of easytag. Works OK.
Whiteboard: MGA5TOO MGA5-32-OK => MGA5TOO MGA5-32-OK MGA6-32-OK
Advisory committed to svn. Validating the update.
Keywords: (none) => advisory, validated_updateCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0300.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED