Debian has issued an advisory on October 4:
Mageia 7 is also affected.
libapreq2 new security issue =>
libapreq2 new security issue CVE-2019-12412
This package has no maintainer, so assigning this globally.
Updated libapreq2 packages fix security vulnerability:
Max Kellermann reported a NULL pointer dereference flaw in libapreq2, allowing
a remote attacker to cause a denial of service against an application using the
library (application crash) if an invalid nested "multipart" body is processed
Updated packages in core/updates_testing:
MGA7-64 Plasma on Lenovo B50
No installation issues.
Tried to find anything that uses these packages, the only thing I found was mason. Found a tutorial for that, but this seems real developer stuff. Not in my league.
I will agree on OK'ing on a clean install.
@Hermam, comment 4
Had a look at this and have to agree, it would take a month of Sundays to get to grips with mason or autodia. A clean install was all that could be achieved here. Adding the OK for you.
Going with that, then. Validating. Advisory in Comment 3.
An update for this issue has been pushed to the Mageia Updates repository.