openSUSE has issued an advisory on November 21: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XCN4RDNPZFEC7XOGPRWL5FYCRIUMWEFW/ Details from the upstream maintainer: https://bugzilla.suse.com/show_bug.cgi?id=1191571#c1 Fixes are in 7.0.4 plus the patch added by openSUSE: https://build.opensuse.org/package/view_file/openSUSE:Backports:SLE-15-SP3:Update/hylafax+/hylafax.diff?expand=1
Status comment: (none) => Fixed upstream in 7.0.4 plus patch from openSUSECC: (none) => jani.valimaa
CC: (none) => marja11Assignee: bugsquad => pkg-bugs
Suggested advisory: ======================== The updated packages fix regressions due to CVE-2020-15397 fix. References: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XCN4RDNPZFEC7XOGPRWL5FYCRIUMWEFW/ ======================== Updated packages in core/updates_testing: ======================== hylafax+-7.0.4-1.mga8 hylafax+-client-7.0.4-1.mga8 lib(64)hylafax+7-7.0.4-1.mga8 lib(64)hylafax+-devel-7.0.4-1.mga8 from SRPM: hylafax+-7.0.4-1.mga8.src.rpm
CC: (none) => nicolas.salgueroStatus: NEW => ASSIGNEDStatus comment: Fixed upstream in 7.0.4 plus patch from openSUSE => (none)Assignee: pkg-bugs => qa-bugs
Tested in VirtualBox. No installation issues. Referenced https://bugs.mageia.org/show_bug.cgi?id=26233#c8 for test, as I do not own a device. (Thank you, Herman.) After running # /usr/sbin/faxsetup -server I checked the status of the service: # systemctl -l status hylafax-hfaxd.service ● hylafax-hfaxd.service - HylaFAX hfaxd (client service) Loaded: loaded (/usr/lib/systemd/system/hylafax-hfaxd.service; disabled; vendor preset: disabled) Active: active (running) since Thu 2021-12-09 16:21:33 EST; 6min ago Main PID: 74130 (hfaxd) Tasks: 1 (limit: 4695) Memory: 952.0K CPU: 7ms CGroup: /system.slice/hylafax-hfaxd.service └─74130 /usr/sbin/hfaxd -d -i hylafax Dec 09 16:21:33 localhost.localdomain systemd[1]: Started HylaFAX hfaxd (client service). Dec 09 16:21:33 localhost.localdomain HylaFAX[74130]: Listening to 0.0.0.0:4559 Dec 09 16:21:33 localhost.localdomain HylaFAX[74130]: HylaFAX INET Protocol Server: restarted. Looks OK, as far as this test goes. Further testing, without the proper hardware, is beyond the scope of QA. Validating. Advisory in Comment 1.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_updateWhiteboard: (none) => MGA8-64-OK
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGAA-2021-0232.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED