Fedora has issued an advisory on February 10:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5RIFEDSRJ4P3WFCMDUOFQ2LEILZLMDW7/

Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Status comment: (none) => Patch available from Fedora
This pkg has no registered maintainer, so assigning globally; CC'ing some packagers who have done recent commits of it.
CC: (none) => olav, thierry.vignaud
Assignee: bugsquad => pkg-bugs
Fedora advisory for 2.60.x (which we have in Mageia 7) from February 23:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KJMLGW55HOQXHMTIPH2PWXFRBNBWVO4W/

This was fixed in 2.62.5 and 2.63.6 (now in Cauldron).
Whiteboard: MGA7TOO => (none)
Source RPM: glib2.0-2.63.5-2.mga8.src.rpm => glib2.0-2.60.2-1.mga7.src.rpm
Version: Cauldron => 7
Suggested advisory:
========================

The updated packages fix a security vulnerability:

GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. (CVE-2020-6750)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6750
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5RIFEDSRJ4P3WFCMDUOFQ2LEILZLMDW7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KJMLGW55HOQXHMTIPH2PWXFRBNBWVO4W/
========================

Updated packages in core/updates_testing:
========================
glib2.0-common-2.60.2-1.3.mga7
lib(64)glib2.0_0-2.60.2-1.3.mga7
lib(64)gio2.0_0-2.60.2-1.3.mga7
lib(64)glib2.0-devel-2.60.2-1.3.mga7
lib(64)glib2.0-static-devel-2.60.2-1.3.mga7
glib-gettextize-2.60.2-1.3.mga7

from SRPMS:
glib2.0-2.60.2-1.3.mga7.src.rpm
Status: NEW => ASSIGNED
Status comment: Patch available from Fedora => (none)
CC: (none) => nicolas.salguero
Source RPM: glib2.0-2.60.2-1.mga7.src.rpm => glib2.0-2.60.2-1.2.mga7.src.rpm
CVE: (none) => CVE-2020-6750
Assignee: pkg-bugs => qa-bugs
MGA7-64 Plasma on Lenovo B50
No installation issues. Ref. to bug 25276 for tests. This bug mentions to reboot after installation, so I did it as well, but MCC does not ask for it. Anyway, after reboot found no problems. Played mpeg and odp files over NFS accessed shares over wifi. Installed also anki as in bug 25276, opens OK.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA7-64-OK
The tester in Bug 25276 updated some glibc packages along with the glib2.0 packages. Glibc generated the need for the reboot. Validating. Advisory in Comment 3.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Keywords: (none) => advisory
CC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2020-0118.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED