Apache has issued an advisory on February 24: https://www.openwall.com/lists/oss-security/2021/02/24/1 The issue is fixed upstream in 2.6. Mageia 7 and Mageia 8 are also affected.
Status comment: (none) => Fixed upstream in 2.6
Assignee: bugsquad => java
Whiteboard: (none) => MGA8TOO, MGA7TOO
Fixed packages for mga7/8:
src:
- xmlgraphics-commons-2.6-1.mga7
- xmlgraphics-commons-2.6-1.mga8
CC: (none) => mageia
Assignee: java => qa-bugs
Whiteboard: MGA8TOO, MGA7TOO => MGA7TOO
Version: Cauldron => 8
CC: (none) => ouaurelien
CVE: (none) => CVE-2020-11988
Status comment: Fixed upstream in 2.6 => (none)
Package list:
xmlgraphics-commons-2.6-1.mga7
xmlgraphics-commons-javadoc-2.6-1.mga7
xmlgraphics-commons-2.6-1.mga8
xmlgraphics-commons-javadoc-2.6-1.mga8
Advisory:
========================
Updated xmlgraphics-commons packages fix security vulnerability:
The Apache XML Graphics Commons library is vulnerable to SSRF via the XMPParser that allows an attacker to cause the underlying server to make arbitrary GET requests (CVE-2020-11988).
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11988
https://www.openwall.com/lists/oss-security/2021/02/24/1
http://xmlgraphics.apache.org/security.html
MGA7-64 MATE on Peaq C1011
No installation issues.
Searched for some easy example, but none to my liking. This is Java developer stuff.
OK on clean install??
CC: (none) => herman.viaene
Yes, install and update from the existing packages, as usual.
Whiteboard: MGA7TOO => MGA7TOO MGA7-64-OK
MGA8-64 Plasma
No installation issue on existing version. Looks OK.
Validating. Advisory pushed to SVN.
CC: (none) => sysadmin-bugs
Keywords: (none) => advisory, validated_update
Whiteboard: MGA7TOO MGA7-64-OK => MGA7TOO MGA7-64-OK MGA8-64-OK
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0144.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
Fedora has issued an advisory for this on March 28: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JP4XA56DA3BFNRBBLBXM6ZAI5RUVFA33/