Fedora has issued an advisory on September 6: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LXN6W5QTNQJ2LFDCQWKYSMMZ3NPUWP3U/ The issues are fixed upstream in 0.18.
Done!
Advisory: ======================== Updated pdfresurrect package fixes security vulnerabilities: A vulnerability was found in PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled (CVE-2019-14267). An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write (CVE-2019-14934). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14267 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14934 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LXN6W5QTNQJ2LFDCQWKYSMMZ3NPUWP3U/ ======================== Updated packages in core/updates_testing: ======================== pdfresurrect-0.18-1.mga7 from pdfresurrect-0.18-1.mga7.src.rpm
Assignee: geiger.david68210 => qa-bugsCC: (none) => geiger.david68210
Installed it Ran some tests and it seems to be working as designed. I was able to pull pdf information from several different pdf's.
CC: (none) => brtians1Whiteboard: (none) => MGA7-64-OK
Validating. Advisory in Comment 2.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => tmbKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0419.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED