Upstream has issued an advisory on February 20:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02

This issue and another are fixed upstream in 2.16.5:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.5-and-2.7.14-released

Mageia 7 is also affected.
Status comment: (none) => Fixed upstream in 2.16.5
Whiteboard: (none) => MGA7TOO
Status: NEW => ASSIGNED
Fixed in Cauldron with mbedtls-2.16.5-1.mga8.

Pushed mbedtls-2.16.5-1.mga7 to Mageia 7 core/updates_testing.

RPMs in core/updates_testing:
=============================
lib64mbedcrypto3-2.16.5-1.mga7
lib64mbedtls12-2.16.5-1.mga7
lib64mbedtls-devel-2.16.5-1.mga7
lib64mbedx509_0-2.16.5-1.mga7
mbedtls-2.16.5-1.mga7

SRPM in core/updates_testing:
=============================
mbedtls-2.16.5-1.mga7

Advisory pending.
Whiteboard: MGA7TOO => (none)
Assignee: rverschelde => qa-bugs
Version: Cauldron => 7
Status comment: Fixed upstream in 2.16.5 => (none)
mga7, x86_64

Updated the packages, all of which were already installed at previous version.
Referred to previous test in https://bugs.mageia.org/show_bug.cgi?id=25952.
godot-3.1.1-1.mga7 already installed.

Launched godot and accessed "Templates", browsed a bit, then selected "2D Finite State Machine Demo", looked at the description, then downloaded the demo. Entered the editor and selected AssetLib and browsed a few more projects, selected NotesTab, downloaded and installed that. Hopefully that exercised mbedtls. Forgot to run a trace.

The user's godot directory looks like this:

$ tree godot
godot
├── addons
│   └── notes_tab
│       ├── LICENSE
│       ├── notes_tab.gd
│       ├── notes_tab.tscn
......
├── project.godot
└── state_machine
    ├── state.gd
    └── state_machine.gd

14 directories, 43 files

Giving this an OK for 64-bits.
CC: (none) => tarazed25
Whiteboard: (none) => MGA7-64-OK
CC: (none) => tmb
Keywords: (none) => advisory
Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2020-0130.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
Thanks for writing the advisory Thomas :)
Fedora has issued an advisory for this on March 12:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2U5SD5ORL6H6YYMFTMQNOIGNNXVYVCAM/