In upstream GNUTLS-SA-2019-03-27 at:
CVE-2019-3829 affects Mageia 6. That, and CVE-2019-3836, were fixed in Cauldron by updating to 3.6.7.
Assigning to all packagers collectively, since there is no registered maintainer for this package.
marja11, nicolas.salguero, smelror
Fedora has issued an advisory for this today (March 31):
The updated packages fix a security vulnerability:
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. (CVE-2019-3829)
Updated packages in core/updates_testing:
MGA6-32 MATE on IBM Thinkpad R50e
No installation issues.
Ref to bug 23682 Comment 4 : I installed xombrero, point it to google, enter "apod" in the search field and select the astronomical picture of the day.
MGA6-64 Plasma on AMD/nvidia-based system
Performed the same tests as Herman, because they again sounded really easy. Looked at several Pictures of the Day, and all looked nice. No issues.
This one looks good. Validating. Suggested advisory in Comment 3.
An update for this issue has been pushed to the Mageia Updates repository.