Debian-LTS has issued an advisory on June 7: https://www.debian.org/lts/security/2020/dla-2236 Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
openSUSE has issued an advisory for this on June 8: https://lists.opensuse.org/opensuse-updates/2020-06/msg00034.html
Patched packages uploaded for Mageia 7 and Cauldron. Advisory: ======================== Updated graphicsmagick packages fix security vulnerability: GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c (CVE-2020-12672). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12672 https://lists.opensuse.org/opensuse-updates/2020-06/msg00034.html ======================== Updated packages in core/updates_testing: ======================== graphicsmagick-1.3.35-1.1.mga7 libgraphicsmagick3-1.3.35-1.1.mga7 libgraphicsmagick++12-1.3.35-1.1.mga7 libgraphicsmagickwand2-1.3.35-1.1.mga7 libgraphicsmagick-devel-1.3.35-1.1.mga7 perl-Graphics-Magick-1.3.35-1.1.mga7 graphicsmagick-doc-1.3.35-1.1.mga7 from graphicsmagick-1.3.35-1.1.mga7.src.rpm
Assignee: smelror => qa-bugsVersion: Cauldron => 7Whiteboard: MGA7TOO => (none)
Tested on a 64-bit Plasma system, amd HD8490 graphics. The following 2 packages are going to be installed: - graphicsmagick-1.3.35-1.1.mga7.x86_64 - lib64graphicsmagick3-1.3.35-1.1.mga7.x86_64 No installation issues. Referred to https://bugs.mageia.org/show_bug.cgi?id=26094#c4 for testing procedure. In addion manipulated an image in various ways from the gui. All tests were successful. Biving this an OK and validating. Advisory in Comment 2.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugsWhiteboard: (none) => MGA7-64-OK
Advisory pushed to SVN.
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0472.html
Status: NEW => RESOLVEDResolution: (none) => FIXED