Fedora has issued an advisory today (September 26): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EWHUZCRMGOC3QS6C65KWBM6ZJM25V6HI/ Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Thanks for reporting this. Sadly assigning to all packagers. (Packagers: Please change status to "Assigned" when you are working on this.)
Assignee: bugsquad => pkg-bugs
CC: (none) => ouaurelien
CC'ed recent committers.
CC: (none) => geiger.david68210, jani.valimaa
Hi, After checking the code and the patch, I did not find any reference to the problematic code in Mageia 7 and the summary of the CVE seems to confirm that the issue only affects version 0.20.0 so the problem appears only for Cauldron. Best regards, Nico.
Resolution: (none) => FIXED
Whiteboard: MGA7TOO => (none)
Status: NEW => RESOLVED
CVE: (none) => CVE-2020-24890
CC: (none) => nicolas.salguero
https://bugzilla.redhat.com/show_bug.cgi?id=1882344#c2 The code is in a different place in older versions.
Whiteboard: (none) => MGA7TOO
Resolution: FIXED => (none)
Status: RESOLVED => REOPENED
Fixed in Cauldron by Nicolas in libraw-0.20.0-2.mga8.
Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)
I tested the PoC and we do not seem to be affected in mga7:
    $ cat /etc/lsb-release
    LSB_VERSION=
    DISTRIB_ID="Mageia"
    DISTRIB_RELEASE=7
    DISTRIB_CODENAME=mga7
    DISTRIB_DESCRIPTION="Mageia 7"
    $ LC_ALL=C g++ -o test -lraw -I/usr/include/ test.c
    $ ./test poc
    libraw finished!
from: https://github.com/LibRaw/LibRaw/issues/335
CC: (none) => mageia
Status: REOPENED => RESOLVED
Resolution: (none) => FIXED
Version: 7 => Cauldron