Bug 30195 - abcm2ps new security issues CVE-2021-3243[4-6]
Summary: abcm2ps new security issues CVE-2021-3243[4-6]
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Reported: 2022-03-22 17:36 CET by David Walser
Modified: 2022-03-24 10:04 CET (History)
5 users (show)

See Also:
Source RPM: abcm2ps-8.14.7-2.mga9.src.rpm
Status comment:


Description David Walser 2022-03-22 17:36:04 CET
Fedora has issued an advisory today (March 22):

The issues are fixed upstream in 8.14.13.

Mageia 8 is also affected.
David Walser 2022-03-22 17:36:23 CET

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 8.14.13
CC: (none) => mageia

Comment 1 Lewis Smith 2022-03-22 20:58:25 CET
In the absence of a visible maintainer, assigning this update too globally.

Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Lécureuil 2022-03-22 22:31:01 CET
Package updated in mga8:

    - abcm2ps-8.14.13-1.mga8

Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8
Status comment: Fixed upstream in 8.14.13 => (none)
Assignee: pkg-bugs => qa-bugs

Comment 3 Len Lawrence 2022-03-23 10:25:07 CET
Copied the example ABC notation file from https://abcnotation.com/

$ abcm2ps -E -O = speedtheplough
Used gs to show the output file.
$ gs Speed_the_Plough.eps

$ abcm2ps -g -O = speedtheplough
The output file Speed_the_Plough.svg displayed fine using ImageMagick.
$ display Speed_the_Plough.svg

Both images matched that at https://abcnotation.com/

Removed the output files and updated the package.
Ran the same tests....
The resulting images were identical to the earlier ones.
Giving this an OK for 64-bits.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => tarazed25

Comment 4 Thomas Andrews 2022-03-23 13:07:03 CET

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Dave Hodgins 2022-03-24 00:49:32 CET

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 5 Mageia Robot 2022-03-24 10:04:14 CET
An update for this issue has been pushed to the Mageia Updates repository.


Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.