Fedora has issued an advisory on October 7: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WFS4YRRYY745JRYSEGGT7JFJTVC4F62H/ Mageia 6 is also affected.
Whiteboard: (none) => MGA6TOO
Assigning to all packagers collectively, since there is no registered maintainer for this package. CC'ing two committers.
CC: (none) => mageia, marja11, smelrorAssignee: bugsquad => pkg-bugs
Patched package uploaded for cauldron and Mageia 6. Advisory: ======================== Updated exempi package fixes security vulnerability: It was found that the WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference (CVE-2018-12648). References: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WFS4YRRYY745JRYSEGGT7JFJTVC4F62H/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12648 ======================== Updated packages in core/updates_testing: ======================== lib64exempi3-2.4.5-1.1.mga6 lib64exempi-devel-2.4.5-1.1.mga6 from exempi-2.4.5-1.1.mga6.src.rpm Testing procedure: https://bugs.mageia.org/show_bug.cgi?id=22801#c6
Whiteboard: MGA6TOO => (none)Keywords: (none) => has_procedureAssignee: pkg-bugs => qa-bugsVersion: Cauldron => 6CC: (none) => mrambo
MGA6-32 MATE on IBM Thinkpad R50e No installation issues. As per bug22801 Comment 4, opened pictures with eom and checked the metadata. Seems OK.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA6-32-OK
Installed and tested without issues. System: Mageia 6, x86_64, Intel CPU. Tests: - Extracting PSD metadata with exempi. - Using tellico (depends on lib64exempi3). - Using eom (depends on lib64exempi3). $ uname -a Linux marte 4.14.76-desktop-1.mga6 #1 SMP Sat Oct 13 23:34:21 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ rpm -qa | grep exempi | sort lib64exempi3-2.4.5-1.1.mga6 $ find -ipath '*.psd' -exec exempi -x '{}' ';' processing file x.psd dump_xmp for file x.psd <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Exempi + XMP Core 5.5.0"> <SNIP>
Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OKCC: (none) => mageia
Validating. Advisory in Comment 2.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0416.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED