In upstream GNUTLS-SA-2019-03-27 at: https://www.gnutls.org/security-new.html CVE-2019-3829 affects Mageia 6. That, and CVE-2019-3836, were fixed in Cauldron by updating to 3.6.7. CVE-2019-3829 is: https://gitlab.com/gnutls/gnutls/issues/694
Assigning to all packagers collectively, since there is no registered maintainer for this package.
Assignee: bugsquad => pkg-bugsCC: (none) => marja11, nicolas.salguero, smelror
Fedora has issued an advisory for this today (March 31): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU/
Suggested advisory: ======================== The updated packages fix a security vulnerability: A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. (CVE-2019-3829) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3829 https://www.gnutls.org/security-new.html https://gitlab.com/gnutls/gnutls/issues/694 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WRSOL66LHP4SD3Y2ECJDOGT4K663ECDU/ ======================== Updated packages in core/updates_testing: ======================== gnutls-3.5.13-1.3.mga6 lib(64)gnutls30-3.5.13-1.3.mga6 lib(64)gnutlsxx28-3.5.13-1.3.mga6 lib(64)gnutls-devel-3.5.13-1.3.mga6 from SRPMS: gnutls-3.5.13-1.3.mga6.src.rpm
Assignee: pkg-bugs => qa-bugsStatus: NEW => ASSIGNEDCVE: (none) => CVE-2019-3829
MGA6-32 MATE on IBM Thinkpad R50e No installation issues. Ref to bug 23682 Comment 4 : I installed xombrero, point it to google, enter "apod" in the search field and select the astronomical picture of the day. Looks OK.
Whiteboard: (none) => MGA6-32-OKCC: (none) => herman.viaene
MGA6-64 Plasma on AMD/nvidia-based system Performed the same tests as Herman, because they again sounded really easy. Looked at several Pictures of the Day, and all looked nice. No issues. This one looks good. Validating. Suggested advisory in Comment 3.
Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OKKeywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0134.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED