SUSE has issued an advisory on December 27: http://lists.suse.com/pipermail/sle-security-updates/2019-December/006293.html Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Assigning globally; CC Joseph as a recent committer. --- When the update becomes available, I offer to test it (if possible). Dia I knew.
CC: (none) => joequant, lewyssmithAssignee: bugsquad => pkg-bugs
Done for both Cauldron and mga7!
CC: (none) => geiger.david68210
7 64 bit updated cleanly. Swedish locale OK, looking good, made a small diagram. I dont know how to make a filename with invalid encoding Output in konsole where i launched it from: ** (dia:15131): WARNING **: 00:02:08.353: expected enumeration type GtkUpdateType, but got GtkPolicyType instead
CC: (none) => fri
Whiteboard: MGA7TOO => (none)Version: Cauldron => 7
Advisory: ======================== Updated dia package fixes security vulnerability: An endless loop on filenames with invalid encoding (CVE-2019-19451). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19451 http://lists.suse.com/pipermail/sle-security-updates/2019-December/006293.html ======================== Updated packages in core/updates_testing: ======================== dia-0.97.3-8.1.mga7 from dia-0.97.3-8.1.mga7.src.rpm
Assignee: pkg-bugs => qa-bugs
dia already installed. This one looks dangerous to test. https://gitlab.gnome.org/GNOME/dia/issues/428 $ touch $'\374'.dia $ dia $'\374' Filename conversion failed: � <repeated many times> Ctrl-C Updated the drawing package and repeated the test. $ dia $'\374' Filename conversion failed: � <this appears only once> The diagram editor appears with a tools interface and a default diagram Diagram1.dia. Added a few blocks and squiggles and some coloured text then saved file. Reopened dia on the new file and it loaded fine. Good for 64-bits.
Whiteboard: (none) => MGA7-64-OKCC: (none) => tarazed25
Keywords: (none) => advisory, validated_updateCC: (none) => tmb, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0022.html
Status: NEW => RESOLVEDResolution: (none) => FIXED