Fedora has issued an advisory on December 10: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TMDB2CGUYDW2RENE2I2TT6QNFEEI2CNF/ Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOOCC: (none) => nicolas.salguero
Assigning to Nicolas as the recent active maintainer; no registered person.
Assignee: bugsquad => nicolas.salguero
Suggested advisory: ======================== The updated packages fix a security vulnerability: Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor. (CVE-2019-17064) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17064 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TMDB2CGUYDW2RENE2I2TT6QNFEEI2CNF/ ======================== Updated packages in core/updates_testing: ======================== xpdf-4.02-1.1.mga7 xpdf-common-4.02-1.1.mga7 from SRPMS: xpdf-4.02-1.1.mga7.src.rpm
Assignee: nicolas.salguero => qa-bugsCVE: (none) => CVE-2019-17064Status: NEW => ASSIGNEDWhiteboard: MGA7TOO => (none)Version: Cauldron => 7
$ uname -a Linux localhost.localdomain 5.4.6-desktop-2.mga7 #1 SMP Mon Dec 23 12:05:27 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux The following 9 packages are going to be installed: - lib64qt5printsupport5-5.12.6-1.mga7.x86_64 - lib64rpm8-4.14.2.1-13.mga7.x86_64 - python3-rpm-4.14.2.1-13.mga7.x86_64 - rpm-4.14.2.1-13.mga7.x86_64 - rpm-plugin-syslog-4.14.2.1-13.mga7.x86_64 - rpm-plugin-systemd-inhibit-4.14.2.1-13.mga7.x86_64 - x11-font-adobe-100dpi-1.0.3-7.mga7.noarch - xpdf-4.02-1.1.mga7.x86_64 - xpdf-common-4.02-1.1.mga7.x86_64 Ran xpdf from command line. Viewed PDF content I created plus some album art in pdf format. Both worked without issue.
Whiteboard: (none) => MGA7-64-OKCC: (none) => brtians1
Validating. Advisory in Comment 2.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisoryCC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0422.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED