Fedora has issued an advisory on September 24: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YP7TQYRM2UPP5R5NKSEGDFKJARD7VN4A/ Mageia 8 may also be affected.
Whiteboard: (none) => MGA8TOOStatus comment: (none) => Patches available from Fedora
No one packager evident, so assigning this globally.
Assignee: bugsquad => pkg-bugsSource RPM: (none) => libofx-0.10.7.mga8.src.rpm
Better advisory with a Bugzilla link: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KB467JGE4PFVR3LULWPIHJNHW4ORBRRJ/
More info: https://bugzilla.redhat.com/show_bug.cgi?id=2130201 https://github.com/libofx/libofx/issues/86
Severity: normal => major
Suggested advisory: ======================== The updated packages fix memory issues in libofx. (rhbz#2127755) References: https://bugzilla.redhat.com/show_bug.cgi?id=2127755 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YP7TQYRM2UPP5R5NKSEGDFKJARD7VN4A/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KB467JGE4PFVR3LULWPIHJNHW4ORBRRJ/ https://bugzilla.redhat.com/show_bug.cgi?id=2130201 https://github.com/libofx/libofx/issues/86 ======================== Updated packages in core/updates_testing: ======================== lib(64)ofx7-0.9.15-2.1.mga8 lib(64)ofx-devel-0.9.15-2.1.mga8 libofx-0.9.15-2.1.mga8 from SRPM: libofx-0.9.15-2.1.mga8.src.rpm
Status: NEW => ASSIGNEDVersion: Cauldron => 8Assignee: pkg-bugs => qa-bugsCC: (none) => nicolas.salgueroWhiteboard: MGA8TOO => (none)Status comment: Patches available from Fedora => (none)Source RPM: libofx-0.10.7.mga8.src.rpm => libofx-0.9.15-2.mga8.src.rpm
No installation issues. I had hoped to be able to download a document from my bank in OFX format, but they only supply documents in Quicken-related formats. So, I searched the Internet for a sample file and found only one, at https://gist.github.com/jvz/2837829 (I'll include it as an attachment) urpmq --whatrequires-recursive libofx indicates that Skrooge requires the above library. $ skrooge example.ofx seems to import the file without reporting any errors, but in reading the ofx file it appears that part of the information was incorrectly imported. For example, the bank ID number looks correct, as does the account ID, but the account type, "SAVINGS" in the file, appears as "Current" in Skrooge. Other information in the file seems to be missing entirely from Skrooge. Unfortunately, not knowing anything about the format, I can't say whether the errors are in the file, or in Skrooge's importation. I don't know where to go from here.
CC: (none) => andrewsfarm
Created attachment 13419 [details] sample ofx file
Check the prior version to see if it's a regression. If it's not a regression, ok and validate the update. If it is a regression, assign it back to the packager.
CC: (none) => davidwhodgins
I thought of that myself as I was going to bed last night. I checked, and the file loads the same using the older version. I tend to conclude that it is probably the 11-year-old file that could be in error. OKing, and validating. Advisory in Comment 4.
CC: (none) => sysadmin-bugsWhiteboard: (none) => MGA8-64-OKKeywords: (none) => validated_update
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0368.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED