Assigning to Nicolas as the recent active maintainer; no registered person.

Assignee: bugsquad => nicolas.salguero

Suggested advisory:
========================

The updated packages fix a security vulnerability:

Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor. (CVE-2019-17064)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17064
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TMDB2CGUYDW2RENE2I2TT6QNFEEI2CNF/
========================

Updated packages in core/updates_testing:
========================
xpdf-4.02-1.1.mga7
xpdf-common-4.02-1.1.mga7

from SRPMS:
xpdf-4.02-1.1.mga7.src.rpm

Assignee: nicolas.salguero => qa-bugs
CVE: (none) => CVE-2019-17064
Status: NEW => ASSIGNED
Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7

$ uname -a
Linux localhost.localdomain 5.4.6-desktop-2.mga7 #1 SMP Mon Dec 23 12:05:27 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

The following 9 packages are going to be installed:

- lib64qt5printsupport5-5.12.6-1.mga7.x86_64
- lib64rpm8-4.14.2.1-13.mga7.x86_64
- python3-rpm-4.14.2.1-13.mga7.x86_64
- rpm-4.14.2.1-13.mga7.x86_64
- rpm-plugin-syslog-4.14.2.1-13.mga7.x86_64
- rpm-plugin-systemd-inhibit-4.14.2.1-13.mga7.x86_64
- x11-font-adobe-100dpi-1.0.3-7.mga7.noarch
- xpdf-4.02-1.1.mga7.x86_64
- xpdf-common-4.02-1.1.mga7.x86_64


Ran xpdf from command line.

Viewed PDF content I created plus some album art in pdf format.  Both worked without issue.

Whiteboard: (none) => MGA7-64-OK
CC: (none) => brtians1

Validating. Advisory in Comment 2.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0422.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED