Assigning globally; CC Joseph as a recent committer.
---
When the update becomes available, I offer to test it (if possible). Dia I knew.

CC: (none) => joequant, lewyssmith
Assignee: bugsquad => pkg-bugs

Done for both Cauldron and mga7!

CC: (none) => geiger.david68210

7 64 bit updated cleanly.

Swedish locale OK, looking good, made a small diagram.
I dont know how to make a filename with invalid encoding

Output in konsole where i launched it from: ** (dia:15131): WARNING **: 00:02:08.353: expected enumeration type GtkUpdateType, but got GtkPolicyType instead

CC: (none) => fri

Advisory:
========================

Updated dia package fixes security vulnerability:

An endless loop on filenames with invalid encoding (CVE-2019-19451).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19451
http://lists.suse.com/pipermail/sle-security-updates/2019-December/006293.html
========================

Updated packages in core/updates_testing:
========================
dia-0.97.3-8.1.mga7

from dia-0.97.3-8.1.mga7.src.rpm

Assignee: pkg-bugs => qa-bugs

dia already installed.
This one looks dangerous to test.
https://gitlab.gnome.org/GNOME/dia/issues/428

$ touch $'\374'.dia
$ dia $'\374'
Filename conversion failed: �
<repeated many times>
Ctrl-C

Updated the drawing package and repeated the test.
$ dia $'\374'
Filename conversion failed: �
<this appears only once>

The diagram editor appears with a tools interface and a default diagram Diagram1.dia.  Added a few blocks and squiggles and some coloured text then saved file.
Reopened dia on the new file and it loaded fine.
Good for 64-bits.

Whiteboard: (none) => MGA7-64-OK
CC: (none) => tarazed25

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0022.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED