Update incoming by Jani.

Advisory:
========================

Updated poppler packages fix security vulnerability:

buffer overflow in pdftohtml could result in a DoS (CVE-2020-27778).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27778
https://ubuntu.com/security/notices/USN-4646-1

CC: (none) => jani.valimaa

Added an upstream patch to poppler-0.74.0-3.4.mga7 to fix the issue, please test.

SRPMS:
poppler-0.74.0-3.4.mga7

RPMS:
poppler-0.74.0-3.4.mga7
lib(64)poppler85-0.74.0-3.4.mga7
lib(64)poppler-devel-0.74.0-3.4.mga7
lib(64)poppler-cpp0-0.74.0-3.4.mga7
lib(64)poppler-qt5-devel-0.74.0-3.4.mga7
lib(64)poppler-qt5_1-0.74.0-3.4.mga7
lib(64)poppler-glib8-0.74.0-3.4.mga7
lib(64)poppler-gir0.18-0.74.0-3.4.mga7
lib(64)poppler-glib-devel-0.74.0-3.4.mga7
lib(64)poppler-cpp-devel-0.74.0-3.4.mga7

Assignee: bugsquad => qa-bugs

$ rpm -qa | grep poppler
lib64poppler-devel-0.74.0-3.3.mga7
lib64poppler-cpp0-0.74.0-3.3.mga7
lib64poppler-glib8-0.74.0-3.3.mga7
lib64poppler85-0.74.0-3.3.mga7
poppler-data-0.4.9-2.mga7
lib64poppler-qt5_1-0.74.0-3.3.mga7
lib64poppler-gir0.18-0.74.0-3.3.mga7
lib64poppler-cpp-devel-0.74.0-3.3.mga7
poppler-0.74.0-3.3.mga7
lib64poppler-glib-devel-0.74.0-3.3.mga7

Updated the packages:
Some dependencies gave trouble:
The following packages can't be installed because they depend on packages
that are older than the installed ones:
lib64input-devel-1.13.2-1.mga7
lib64qt5eglfsdeviceintegration-devel-5.12.6-4.mga7
lib64qt5gui-devel-5.12.6-4.mga7
lib64poppler-qt5-devel-0.74.0-3.4.mga7
Continue installation anyway? (Y/n) 

$ rpm -qa | grep poppler
lib64poppler-glib8-0.74.0-3.4.mga7
lib64poppler85-0.74.0-3.4.mga7
poppler-data-0.4.9-2.mga7
lib64poppler-cpp0-0.74.0-3.4.mga7
lib64poppler-cpp-devel-0.74.0-3.4.mga7
poppler-0.74.0-3.4.mga7
lib64poppler-devel-0.74.0-3.4.mga7
lib64poppler-qt5_1-0.74.0-3.4.mga7
lib64poppler-glib-devel-0.74.0-3.4.mga7
lib64poppler-gir0.18-0.74.0-3.4.mga7

That is all OK.
Moved to a folder containing some PDF files.
$ pdffonts AN202003March2020.pdf
[....]
CBJSPS+Helvetica-Condensed-Oblique   Type 1C           Custom           yes yes yes   9024  0
CBJSPS+HelveticaNeue-Bold            TrueType          WinAnsi          yes yes yes   9018  0
CBJSPS+HelveticaNeue-CondensedBlack-SC700 TrueType          WinAnsi          yes yes yes   9021  0
CBJSPS+Helvetica                     TrueType          WinAnsi          yes yes no    9020  0
$ pdftohtml AN202003March2020.pdf
[...]
Page-115
Page-116

Generated HTML pages and extracted embedded images from Astronomy Now.
AN202003March2020.html
 AN202003March2020-70_629.jpg              AN202003March2020_ind.html
 AN202003March2020-70_62.png               AN202003March2020.pdf
 AN202003March2020-70_630.jpg              AN202003March2020s.html

$ firefox AN202003March2020.html
Displayed the whole magazine via a page index.
Exercized a few more of the utilities, which all did what they were supposed to.

This is OK.

Whiteboard: (none) => MGA7-64-OK
CC: (none) => tarazed25

Validating update.
Advisory pushed to SVN.

CC: (none) => ouaurelien, sysadmin-bugs
Keywords: (none) => advisory, validated_update

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0445.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED