Ubuntu has issued an advisory on July 15:
https://usn.ubuntu.com/4057-1/
Mageia 6 and Mageia 7 are also affected.
Whiteboard: (none) => MGA7TOO, MGA6TOO
Assigning to the registered maintainer, but CC'ing cjw, who was the only one to touch this package after it was imported.
Assignee: bugsquad => shlomif
CC: (none) => cjw, marja11
Shlomi updated Cauldron to 2.2.1.0. Will need to make sure it includes: https://sourceforge.net/p/zipios/code-git/ci/96e26640573410709bb863b8916a8216f4c6a546/tree/infinite_loop.patch
Re-assigning globally due to change to no specific maintainer.
Assignee: shlomif => pkg-bugs
(In reply to David Walser from comment #2)
> Shlomi updated Cauldron to 2.2.1.0. Will need to make sure it includes:
> https://sourceforge.net/p/zipios/code-git/ci/96e26640573410709bb863b8916a8216f4c6a546/tree/infinite_loop.patch
zipios 2.2.1.0 is no longer zipios++, so this patch is unneeded, as the zipios++/zipheadio.h file doesn't exist anymore in the source.
CC: (none) => geiger.david68210
Whiteboard: MGA7TOO, MGA6TOO => (none)
Version: Cauldron => 7
Fixed for mga7!
Advisory:
========================
Updated zipios++ packages fix security vulnerability:
Mike Salvatore discovered that Zipios mishandled certain malformed ZIP files. An attacker could use this vulnerability to cause a denial of service or consume system resources (CVE-2019-13453).
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13453
https://usn.ubuntu.com/4057-1/
========================
Updated packages in core/updates_testing:
========================
libzipios++0-0.1.5.9-6.1.mga7
libzipios++-devel-0.1.5.9-6.1.mga7
from zipios++-0.1.5.9-6.1.mga7
Assignee: pkg-bugs => qa-bugs
MGA7-64 Plasma on Lenovo B50
No installation issues.
At CLI:
# urpmq --whatrequires lib64zipios++0
enigma
freecad
lib64zipios++-devel
lib64zipios++0
Decided for enigma, played a bit but had some trouble trying to exit this thing, but
$ strace -o zipios.txt enigma
showed a call to
openat(AT_FDCWD, "/lib64/libzipios.so.0", O_RDONLY|O_CLOEXEC) = 3
in the early part of the trace.
OK for me.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA7-64-OK
Validating. Advisory in Comment 6.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => tmb
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0341.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED