26666 – abcm2ps new security issues CVE-2018-10753 and CVE-2018-10771

Bug 26666 - abcm2ps new security issues CVE-2018-10753 and CVE-2018-10771

Summary: abcm2ps new security issues CVE-2018-10753 and CVE-2018-10771

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: major
Target Milestone:	---
Assignee:	Alex Loginov
QA Contact:	Sec team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2020-05-21 22:26 CEST by David Walser
Modified:	2022-04-17 13:47 CEST (History)
CC List:	1 user (show)

See Also:
Source RPM:	abcm2ps-7.8.14-2.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2020-05-21 22:26:37 CEST

Fedora has issued an advisory today (May 21):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/W6DUTXB4EC3TQHTTAAIBKJ54GJTF6Y7V/

The issues are fixed upstream in 8.13.21 and 8.14.7.

David Walser 2020-05-21 22:29:03 CEST

Status comment: (none) => Fixed upstream in 8.13.21 and 8.14.7

Comment 1 Nicolas Lécureuil 2020-05-22 00:13:06 CEST

Fixed in cauldron

Status: NEW => RESOLVED
CC: (none) => mageia
Resolution: (none) => FIXED

Comment 2 David Walser 2020-05-22 00:57:42 CEST

Now actually fixed in abcm2ps-8.14.7-1.mga8.

Status comment: Fixed upstream in 8.13.21 and 8.14.7 => (none)

Comment 3 David Walser 2022-04-17 13:47:00 CEST

This update also fixed CVE-2019-1010069:
https://www.debian.org/lts/security/2022/dla-2983

Note You need to log in before you can comment on or make changes to this bug.