libgit2 0.28.5 has been released on April 1, fixing bugs and minor security issues: https://github.com/libgit2/libgit2/releases/tag/v0.28.5 Fedora has issued an advisory for this today (April 9): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HGUWBJBCQ2OYQ6KYKUNRYANFT5MCEIJK/ Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOOStatus comment: (none) => Fixed upstream in 0.28.5
Done for both Cauldron and mga7!
CC: (none) => geiger.david68210
Another update done sooner than said! Assigning to you DavidG as having actually done it. No point in leaving any bug with bugsquad once it has been taken on board. It will need an advisory before being passed to QA.
CC: geiger.david68210 => (none)Assignee: bugsquad => geiger.david68210
Advisory: ======================== The libgit2 package has been updated to version 0.28.5, which fixes some out-of-bounds reads, as well as several other bugs. See the release announcement for details. References: https://github.com/libgit2/libgit2/releases/tag/v0.28.5 ======================== Updated packages in core/updates_testing: ======================== libgit2_28-0.28.5-1.mga7 libgit2-devel-0.28.5-1.mga7 from libgit2-0.28.5-1.mga7.src.rpm
Whiteboard: MGA7TOO => (none)Version: Cauldron => 7Assignee: geiger.david68210 => qa-bugsStatus comment: Fixed upstream in 0.28.5 => (none)CC: (none) => geiger.david68210
MGA7-64 Plasma on Lenovo B50 No installation issues. Ref to bug 25348, I ran at CLI: $ strace -o libgit2.txt basket Kdelibs4ConfigMigrator migrate=true Kdelibs4Migration: start copying basket data KIO::CopyJob finished with result 111 "The file or folder /home/tester7/.kde/share/apps/basket does not exist." Of course that didn' exist, there hasn't been a KDE4 on this installation. Createda new bassket and inserted some text andd a screen capture, Worked OK. Then $ grep libgit2 libgit2.txt openat(AT_FDCWD, "/lib64/libgit2.so.28", O_RDONLY|O_CLOEXEC) = 3 QED OK for me.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA7-64-OK
Thank you, Herman. Validating. Advisory in Comment 3.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Target Milestone: --- => Mageia 7Keywords: (none) => advisoryCC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGAA-2020-0094.html
Status: NEW => RESOLVEDResolution: (none) => FIXED