openSUSE has issued an advisory today (March 3):
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6B3VSER4WPCPULJGLJVI75SE2NKX4RQH/

Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
Status comment: (none) => Patches available from upstream and openSUSE
Suggested advisory:
========================

The updated packages fix a security vulnerability:

Double-free vulnerability in contrib/shpsort.c. (CVE-2022-0699)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0699
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6B3VSER4WPCPULJGLJVI75SE2NKX4RQH/
========================

Updated packages in core/updates_testing:
========================
lib(64)shp2-1.5.0-2.1.mga8
lib(64)shp-devel-1.5.0-2.1.mga8
shapelib-1.5.0-2.1.mga8

from SRPM:
shapelib-1.5.0-2.1.mga8.src.rpm
Version: Cauldron => 8
Status: NEW => ASSIGNED
Whiteboard: MGA8TOO => (none)
CC: (none) => nicolas.salguero
Status comment: Patches available from upstream and openSUSE => (none)
Assignee: bugsquad => qa-bugs
CVE: (none) => CVE-2022-0699
mga8, x64

AFAIK from the XML documentation, shapelib is a developer's tool to overcome the rectangular bias of Xlib; i.e. to provide curves and circles, shadows and other things.

whatrequires lists gnudl, gpsbabel, marble, and roadmap as needing the shp2 library, but before updating, an strace of marble did not indicate that shp2 was involved in running it. Might depend on circumstances.

Updated the three packages and tried marble again, Earth view - open street map and atlas. Toured Apollo sites on the moon. The trace did not indicate any direct use of the lib64shp2 library. Tried the open street map view in marble and printed out a map of a section of Copenhagen. Still nothing in the trace. However, marble is definitely working without regressions.

plplot might be a better bet but don't know how to use it. roadmap probably needs a GPS device - none available.

Leaving this as it stands. Inclined to assign OK but maybe somebody else would like a shot?
CC: (none) => tarazed25
Whiteboard: (none) => MGA8-64-OK
Validating. Advisory in Comment 1.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2022-0096.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED