openSUSE has issued an advisory on August 16: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N6TC5ZCUI72X4R5D7ZDQYSKDW4VVCUOE/ Mageia 8 is also affected.
Status comment: (none) => Patch available from openSUSEWhiteboard: (none) => MGA8TOO
This package has no registered maintainer, and has almost never been touched (except an aborted 'drop-it' in 2013). Necessarily assigning this globally.
Assignee: bugsquad => pkg-bugs
Suggested advisory: ======================== The updated packages fix a security vulnerability: Move UNIX socket dir from /tmp to /run to avoid local attackers being able to place bogus directories in its stead. (CVE-2022-21950) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21950 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N6TC5ZCUI72X4R5D7ZDQYSKDW4VVCUOE/ ======================== Updated packages in core/updates_testing: ======================== canna-3.7p3-25.1.mga8 lib(64)canna1-3.7p3-25.1.mga8 lib(64)canna1-devel-3.7p3-25.1.mga8 from SRPM: canna-3.7p3-25.1.mga8.src.rpm
Source RPM: canna-3.7p3-26.mga9.src.rpm => canna-3.7p3-25.mga8.src.rpmStatus comment: Patch available from openSUSE => (none)CVE: (none) => CVE-2022-21950Version: Cauldron => 8Status: NEW => ASSIGNEDCC: (none) => nicolas.salgueroWhiteboard: MGA8TOO => (none)Assignee: pkg-bugs => qa-bugs
Installed canna, then updated, with no installation issues. From the drakrpm description: "Canna is a Japanese Kana-Kanji translation engine." I do not speak Japanese, and considering Comment 1 I suspect finding a Japanese-speaking QA tester would be difficult at best. I did try to run some of the commands that had been put into /usr/bin, mostly returning some sort of syntax/user error. For lack of a better procedure, I'm going to send this on on the basis of a clean install. Validating. Advisory in Comment 2.
Whiteboard: (none) => MGA8-64-OKKeywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0306.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED