Debian-LTS has issued an advisory today (November 23):
https://www.debian.org/lts/security/2020/dla-2462
The issue is fixed upstream in 2.9.3 (gmic should be updated with it).
Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
cimg-2.9.3-1.mga8 (and gmic) uploaded for Cauldron by David Geiger.
CC: (none) => geiger.david68210
Source RPM: cimg-2.9.2-1.mga8.src.rpm => cimg-2.5.7-1.mga7.src.rpm
Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7
Hi, thanks for reporting this bug. As there is no maintainer for this package I added committers in CC. (Please set the status to 'assigned' if you are working on it)
Assignee: bugsquad => pkg-bugs
CC: (none) => joequant, ouaurelien
Suggested advisory:
========================

The updated packages fix a security vulnerability:

Multiple heap buffer overflows. (CVE-2020-25693)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25693
https://www.debian.org/lts/security/2020/dla-2462
========================

Updated packages in core/updates_testing:
========================
cimg-2.5.7-1.1.mga7
cimg-devel-2.5.7-1.1.mga7

from SRPM:
cimg-2.5.7-1.1.mga7.src.rpm
CC: (none) => nicolas.salguero
Status: NEW => ASSIGNED
Assignee: pkg-bugs => qa-bugs
CVE: (none) => CVE-2020-25693
mga7, x86_64
Installed the two packages then updated them from updates testing.
Used updatedb and mlocate to track down the examples provided and made a local copy of the /usr/share/doc/cimg-devel/examples/ folder.
Ran `make linux` which built most of the test programs from the C++ scripts.

./tutorial provided a picture of a red parrot with the invitation to move the mouse over it. Scanning the image in the X direction painted the RGB intensity profiles in real time in another window.

./jawbreaker is some sort of game with coloured buttons. It responded - cannot say any more than that.

$ ./image_surface3d
- Load file 'logo.bmp'
- Create image surface
- Compute image isophotes
- Enter interactive loop.
Reminder :
+ Use mouse to rotate and zoom object
+ key 'F' : Toggle fullscreen
+ key 'Q' or 'ESC' : Quit
+ Any other key : Change rendering type
Rotation and zooming worked fine but 'F' did not work nor did 'Q'.

$ ./image2ascii
ASCII art works. So does ./tetris.

$ ./fade_images
Image fading: this = 0x7ffda2f1ce40, size = (211,242,1,3) [149 Kio], data = (unsigned char*)0x129cc30..0x12c2291 (non-shared) = [ 190 189 190 189 189 190 190 190 ... 145 146 138 136 140 143 143 143 ], min = 0, max = 222, mean = 123.514, std = 56.0126, coords_min = (80,208,0,0), coords_max = (127,77,0,1).
Various things happened to the image - difficult to describe.

$ ./curve_editor2d
- No input image specified, use default 512x512 image.
Showed a circle and filled square. Left mouse button distorted the circle and turned the square into a polygon. There is a menu for keyboard functions, like P to toggle control point visibility and T for tangents.

$ ./gaussian_fit1d
demonstrates "Levenberg-Marquardt Gaussian fitting" for those in the know.

./scene3d shows rendering of 3D shapes.
And so on and so forth.

To venture a personal opinion, this is an extremely impressive little package which appears to be working as designed. Full marks.
CC: (none) => tarazed25
Whiteboard: (none) => MGA7-64-OK
Validating update.
Advisory pushed to SVN.
Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0443.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
*** Bug 29029 has been marked as a duplicate of this bug. ***