openSUSE has issued an advisory today (October 30): https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00068.html Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Fedora has issued an advisory for this today (October 31): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QGZKTKGRJTQE43SFU77X5QJHKXTTOJYB/
Hi, thanks for reporting this. Assigned to recent committer. (Please set the status to 'assigned' if you are working on it)
Assignee: bugsquad => pkg-bugs
CC: (none) => olav, ouaurelien
Keywords: (none) => Triaged
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c. (CVE-2019-19917)

Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c. (CVE-2019-19918)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19918
https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00068.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QGZKTKGRJTQE43SFU77X5QJHKXTTOJYB/
========================

Updated packages in core/updates_testing:
========================
lout-3.40-9.1.mga7
lout-doc-3.40-9.1.mga7

from SRPM:
lout-3.40-9.1.mga7.src.rpm
Status: NEW => ASSIGNED
CVE: (none) => CVE-2019-19917, CVE-2019-19918
Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)
Keywords: Triaged => (none)
CC: (none) => nicolas.salguero
Source RPM: lout-3.40-10.mga8.src.rpm => lout-3.40-9.mga7.src.rpm
Assignee: pkg-bugs => qa-bugs
MGA7_64 MATE on Peaq C1011
No installation issues.
No previous update, so Google brought me http://www.adrianjwells.freeuk.com/lout.pdf
Took the first example (will upload this file) using pluma and ran the command to create a pdf file.
$ lout louttest.txt > louttest.pdf
lout file "louttest.txt":
    4,149: character "\231" replaced by space (it has no glyph in font Times Base)
    6,39: character "\231" replaced by space (it has no glyph in font Times Base)
$ ls
lout.li  louttest.pdf  louttest.txt  louttest.txt.ld
The pdf file opens in Atril and looks OK.
The .li file seems to be some kind of log, while the .ld file seems to be an expansion of the txt file with all the commands involved. I didn't read the tutorial further to check whether my interpretation is 100% correct.
The command seems to do its job.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA7-64-OK
Created attachment 11983: txt file as copied from the tutorial
Validated. Advisory in Comment 3.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Advisory pushed to SVN.
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0411.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
Can anyone explain why this patch was not pushed to Cauldron as well?
CC: (none) => zombie_ryushu
Zombie, please check before...
http://svnweb.mageia.org/packages?view=revision&revision=1641592
http://madb.mageia.org/package/show/name/lout/release/cauldron/application/0