Debian has issued an advisory on October 4:
Mageia 7 is also affected.
libapreq2 new security issue =>
libapreq2 new security issue CVE-2019-12412Whiteboard:
This package has no maintainer, so assigning this globally.
Updated libapreq2 packages fix security vulnerability:
Max Kellermann reported a NULL pointer dereference flaw in libapreq2, allowing
a remote attacker to cause a denial of service against an application using the
library (application crash) if an invalid nested "multipart" body is processed
Updated packages in core/updates_testing:
MGA7-64 Plasma on Lenovo B50
No installation issues.
Tried to find anything that uses these packages, the only thing I found was mason. Found a tutorial for that, but this seems real developer stuff. Not in my league.
I will agree on OK'ing on a clean install.
@Hermam, comment 4
Had a look at this and have to agree, it would take a month of Sundays to get to grips with mason or autodia. A clean install was all that could be achieved here. Adding the OK for you.
Going with that, then. Validating. Advisory in Comment 3.