Fedora has issued an advisory on April 5: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZCNN7VUZORHBCGAJURZRCUTFLCK2ZPG2/ The issue is fixed upstream in 2.10.0.
Status comment: (none) => Fixed upstream in 2.10.0
Done for mga8!
RPMS: python3-pikepdf-2.10.0-1.mga8 python-pikepdf-doc-2.10.0-1.mga8 from python-pikepdf-2.10.0-1.mga8.src.rpm
Status comment: Fixed upstream in 2.10.0 => (none)Assignee: geiger.david68210 => qa-bugsCC: (none) => geiger.david68210
mga8, x64 CVE-2021-29421 There does not appear to be a PoC for this issue. Clean update. https://pikepdf.readthedocs.io/en/latest/index.html Found two simple examples of its use. Note that only python3 is supported. Remove last page from a document. $ cat test.py import pikepdf with pikepdf.open( 'input.pdf' ) as pdf: num_pages = len( pdf.pages ) del pdf.pages[-1] pdf.save( 'output.pdf' ) Ran this against a local PDF file and checked output.pdf in okular to see that the last page was removed. Rotate all pages of a document by 180°. $ cat rotate.py # Rotate all pages in a file by 180 degrees import pikepdf my_pdf = pikepdf.Pdf.open( 'test.pdf' ) for page in my_pdf.pages: page.Rotate = 180 my_pdf.save( 'test-rotated.pdf' ) Ran this and sure enough all 28 pages appeared upside-down in the output. pikepdf has a lot more capabilities but this shows that it is functional. Waiting for the advisory in case something has been missed.
CC: (none) => tarazed25
Assigning OK for mga8.
Whiteboard: (none) => MGA8-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0268.html
Status: NEW => RESOLVEDResolution: (none) => FIXED