SUSE has issued an advisory on January 19: https://lists.suse.com/pipermail/sle-security-updates/2022-January/010028.html The issue is fixed upstream in 1.9.14. Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOOStatus comment: (none) => Fixed upstream in 1.9.14CC: (none) => nicolas.salguero
Do you mind doing this, NicolasS? You have done quite a number of CVEs for this SRPM.
CC: nicolas.salguero => (none)Assignee: bugsquad => nicolas.salguero
Suggested advisory: ======================== The updated packages fix a crash when clicking the button "Generate" and a security vulnerability: A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file. (CVE-2021-43579) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43579 https://lists.suse.com/pipermail/sle-security-updates/2022-January/010028.html ======================== Updated packages in core/updates_testing: ======================== htmldoc-nogui-1.9.14-1.mga8 htmldoc-1.9.14-1.mga8 from SRPM: htmldoc-1.9.14-1.mga8.src.rpm
Source RPM: htmldoc-1.9.8-4.mga9.src.rpm => htmldoc-1.9.8-1.3.mga8.src.rpmCC: (none) => nicolas.salgueroWhiteboard: MGA8TOO => (none)Version: Cauldron => 8Status: NEW => ASSIGNEDCVE: (none) => CVE-2021-43579Status comment: Fixed upstream in 1.9.14 => (none)Assignee: nicolas.salguero => qa-bugs
Updated the packages using qarepo, with no installation issues. Tested using some html files of "Grokking the Gimp" that were downloaded so long ago that I don't remember doing it. Tried the gui first, launched from the Plasma Tools menu. The crash from the "generate" button, which I had observed before, is fixed. Tried the "nogui" next, on another html page, and produced a pdf of that page that looks just like the html page when viewed in Firefox. It all looks good to me. Validating. Advisory in Comment 2.
Keywords: (none) => validated_updateWhiteboard: (none) => MGA8-64-OKCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0033.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED