Fedora has issued an advisory on September 24:
Mageia 8 may also be affected.
Patches available from Fedora
No one packager evident, so assigning this globally.
Better advisory with a Bugzilla link:
The updated packages fix memory issues in libofx. (rhbz#2127755)
Updated packages in core/updates_testing:
Patches available from Fedora =>
No installation issues.
I had hoped to be able to download a document from my bank in OFX format, but they only supply documents in Quicken-related formats. So, I searched the Internet for a sample file and found only one, at https://gist.github.com/jvz/2837829 (I'll include it as an attachment)
urpmq --whatrequires-recursive libofx indicates that Skrooge requires the above library.
$ skrooge example.ofx seems to import the file without reporting any errors, but in reading the ofx file it appears that part of the information was incorrectly imported. For example, the bank ID number looks correct, as does the account ID, but the account type, "SAVINGS" in the file, appears as "Current" in Skrooge. Other information in the file seems to be missing entirely from Skrooge. Unfortunately, not knowing anything about the format, I can't say whether the errors are in the file, or in Skrooge's importation.
I don't know where to go from here.
Created attachment 13419 [details]
sample ofx file
Check the prior version to see if it's a regression. If it's not a regression,
ok and validate the update. If it is a regression, assign it back to the
I thought of that myself as I was going to bed last night. I checked, and the file loads the same using the older version. I tend to conclude that it is probably the 11-year-old file that could be in error.
OKing, and validating. Advisory in Comment 4.
An update for this issue has been pushed to the Mageia Updates repository.