Debian-LTS has issued an advisory today (May 23):
https://www.debian.org/lts/security/2022/dla-3019

Mageia 8 is also affected.
No choice but to assign this globally; 'admesh' has no evident packager.
Assignee: bugsquad => pkg-bugs
Suggested advisory:
========================

The updated packages fix a security vulnerability:

ADMesh through 0.98.4 has a heap-based buffer over-read in stl_update_connects_remove_1 (called from stl_remove_degenerate) in connect.c in libadmesh.a. (CVE-2018-25033)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25033
https://www.debian.org/lts/security/2022/dla-3019
========================

Updated packages in core/updates_testing:
========================
admesh-0.98.4-2.1.mga8
lib(64)admesh1-0.98.4-2.1.mga8
lib(64)admesh-devel-0.98.4-2.1.mga8

from SRPM:
admesh-0.98.4-2.1.mga8.src.rpm

Version: Cauldron => 8
Status: NEW => ASSIGNED
Assignee: pkg-bugs => qa-bugs
CC: (none) => nicolas.salguero
CVE: (none) => CVE-2018-25033
Tested in a 64-bit Vbox Plasma guest.

No installation issues for the update.

Admesh is described as "a program for diagnosing and/or repairing commonly encountered problems with STL (STereo Lithography) data files." A bit beyond my expertise, but...

The one previous update gave no clue for testing, so I went to the Web for guidance. There I found https://www.systutorials.com/docs/linux/man/1-admesh/ which gave a few basic command examples.

After downloading a couple of sample stl files from https://ozeki.hu/p_1116-sample-stl-files-you-can-use-for-testing.html I gave the most basic command a try:

$ admesh Stanford_Bunny_sample.stl
ADMesh version 0.98.4, Copyright (C) 1995, 1996 Anthony D. Martin
ADMesh comes with NO WARRANTY. This is free software, and you are welcome to
redistribute it under certain conditions. See the file COPYING for details.
Opening Stanford_Bunny_sample.stl
Checking exact...
All facets connected. No nearby check necessary.
No unconnected need to be removed.
No holes need to be filled.
Checking normal directions...
Checking normal values...
Calculating volume...
Verifying neighbors...

================= Results produced by ADMesh version 0.98.4 ================
Input file         : Stanford_Bunny_sample.stl
File type          : Binary STL file
Header             : Visualization Toolkit generated SLA File
============== Size ==============
Min X = -23.550819, Max X = 84.196114
Min Y = -42.009937, Max Y = 45.791847
Min Z = 5.275085, Max Z = 113.166840
========= Facet Status ========== Original ============ Final ====
Number of facets                 : 112402               112402
Facets with 1 disconnected edge  :      0                    0
Facets with 2 disconnected edges :      0                    0
Facets with 3 disconnected edges :      0                    0
Total disconnected facets        :      0                    0
=== Processing Statistics ===     ===== Other Statistics =====
Number of parts       :     1        Volume   : 279629.218750
Degenerate facets     :     0
Edges fixed           :     0
Facets removed        :     0
Facets added          :     0
Facets reversed       :     0
Backwards edges       :     0
Normals fixed         :     0

A sample model of the Eiffel Tower produced similar results.

There are options available for manipulating the files, but I believe the above test on two different files is sufficient for an OK from QA.
Whiteboard: (none) => MGA8-64-OK
CC: (none) => andrewsfarm
Validating. Advisory in Comment 2.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0209.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED