Debian has issued an advisory on October 4: https://www.debian.org/security/2019/dsa-4541 Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOOSummary: libapreq2 new security issue => libapreq2 new security issue CVE-2019-12412
Done!
CC: (none) => geiger.david68210
This package has no maintainer, so assigning this globally.
Assignee: bugsquad => pkg-bugs
Advisory: ======================== Updated libapreq2 packages fix security vulnerability: Max Kellermann reported a NULL pointer dereference flaw in libapreq2, allowing a remote attacker to cause a denial of service against an application using the library (application crash) if an invalid nested "multipart" body is processed (CVE-2019-12412). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12412 https://www.debian.org/security/2019/dsa-4541 ======================== Updated packages in core/updates_testing: ======================== libapreq2_3-2.130.0-28.1.mga7 libapreq-devel-2.130.0-28.1.mga7 perl-libapreq2-2.130.0-28.1.mga7 apache-mod_apreq-2.130.0-28.1.mga7 from libapreq-2.130.0-28.1.mga7.src.rpm
Assignee: pkg-bugs => qa-bugsWhiteboard: MGA7TOO => (none)Version: Cauldron => 7
MGA7-64 Plasma on Lenovo B50 No installation issues. Tried to find anything that uses these packages, the only thing I found was mason. Found a tutorial for that, but this seems real developer stuff. Not in my league. I will agree on OK'ing on a clean install.
CC: (none) => herman.viaene
@Hermam, comment 4 Had a look at this and have to agree, it would take a month of Sundays to get to grips with mason or autodia. A clean install was all that could be achieved here. Adding the OK for you.
Whiteboard: (none) => MGA7-64-OKCC: (none) => tarazed25
Going with that, then. Validating. Advisory in Comment 3.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0327.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
*** Bug 27624 has been marked as a duplicate of this bug. ***