30559 – halibut new security issues CVE-2021-42612, CVE-2021-42613, CVE-2021-42614

Bug 30559 - halibut new security issues CVE-2021-42612, CVE-2021-42613, CVE-2021-42614

Summary: halibut new security issues CVE-2021-42612, CVE-2021-42613, CVE-2021-42614

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	8
Hardware:	All Linux

Priority:	Normal Severity: major
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA8-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2022-06-16 23:24 CEST by David Walser
Modified:	2022-06-18 23:32 CEST (History)
CC List:	5 users (show)

See Also:
Source RPM:	halibut-1.2-5.mga9.src.rpm
CVE:
Status comment:

Attachments
Random extracts from halibut tutorial (3.70 KB, text/plain) 2022-06-17 19:31 CEST, Len Lawrence	Details
View All Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2022-06-16 23:24:52 CEST

Fedora has issued an advisory today (June 16):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CC7UZ7NRXDA7YSCSGWE2CBQM7OZS3K2R/

Mageia 8 is also affected.

David Walser 2022-06-16 23:25:16 CEST

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 1.3

Comment 1 Nicolas Lécureuil 2022-06-17 10:09:05 CEST

New version pushed in mga 8/9


src:
    - halibut-1.3-1.mga8

CC: (none) => mageia
Status comment: Fixed upstream in 1.3 => (none)
Assignee: bugsquad => qa-bugs
Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)

Comment 2 David Walser 2022-06-17 15:47:09 CEST

vim-halibut-1.3-1.mga8
halibut-1.3-1.mga8

from halibut-1.3-1.mga8.src.rpm

Comment 3 Len Lawrence 2022-06-17 19:31:58 CEST

Created attachment 13301 [details]
Random extracts from halibut tutorial

CC: (none) => tarazed25

Comment 4 Len Lawrence 2022-06-17 19:40:18 CEST

mga8, x64

Tried out halibut before updating, using some lines extracted from the online tutorial.  Successfully converted the file to other formats which could be read OK.

After updating used the same file to generate PDF, postscript and HTML versions.  All displayed correctly with xpdf, gs and firefox respectively.

$ halibut --pdf=sample2.pdf sample.but

Tried vim but it was impossible to see if vim was aware of the halibut context - no syntax highlighting for instance.
No regressions anyway so this is OK.

Whiteboard: (none) => MGA8-64-OK

Comment 5 Thomas Andrews 2022-06-18 14:12:06 CEST

Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2022-06-18 21:02:45 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 6 Mageia Robot 2022-06-18 23:32:00 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0237.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.