Debian-LTS has issued an advisory on December 1: https://www.debian.org/lts/security/2020/dla-2475 The issue is fixed upstream in 0.21.
Assignee: bugsquad => geiger.david68210
Done for mga7!
Advisory:
========================

Updated pdfresurrect package fixes security vulnerability:

In PDFResurrect before 0.20, lack of header validation checks causes a heap-buffer-overflow in pdf_get_version() (CVE-2020-20740).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20740
https://www.debian.org/lts/security/2020/dla-2475
========================

Updated packages in core/updates_testing:
========================
pdfresurrect-0.21-1.mga7

from pdfresurrect-0.21-1.mga7.src.rpm
CC: (none) => geiger.david68210
Assignee: geiger.david68210 => qa-bugs
Fedora has issued an advisory for this today (December 4): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JMEEEPBBGER5LPABBRVZLMCC6Z24RBXW/
MGA7-64 MATE on Peaq C1011
No installation issues.
Ref bug 26304 for test, I will upload the referred pdf for future reference.

$ pdfresurrect Remoteattacksurfaces.pdf -i
Gives loads of
Remoteattacksurfaces.pdf: --A-- Version 1 -- Object 5830 (Unknown)
Remoteattacksurfaces.pdf: --A-- Version 1 -- Object 5831 (Stream)
and at the end
---------- Remoteattacksurfaces.pdf ----------
Versions: 2
Version 1 -- 5832 objects
PDF Version: 1.5
Title:
Author: (chris)
Subject:
Keywords:
Creator: (��
Producer:
CreationDate:
ModDate:
Trapped:
which is similar to the previous bug report

$ pdfresurrect Remoteattacksurfaces.pdf -q
Remoteattacksurfaces.pdf: 2
no feedback at all
But 2 versions of the file have been extracted, and can be read OK.
Running the same command at a "regular" pdf file gives similar results, but
$ pdfresurrect decl2011_43122204192.pdf -q
decl2011_43122204192.pdf: 1
only one version is present, so no additional files created.
OK for me.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA7-64-OK
Sorry, test file is too large and compresses very little.
Validating. Advisory pushed to SVN.
Keywords: (none) => advisory, validated_update
CC: (none) => ouaurelien, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0449.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED