Debian-LTS has issued an advisory on October 24: https://www.debian.org/lts/security/2022/dla-3158 Mageia 8 is also affected. Also, this package should be dropped from Cauldron (see Bug 29326).
Depends on: (none) => 29326Whiteboard: (none) => MGA8TOO
This is nominally with Joseph, but unsure whether he is still active for us, so CC'ing him, assigning globally in case not.
Assignee: bugsquad => pkg-bugsCC: (none) => joequant
Suggested advisory: ======================== The updated packages fix a security vulnerability: Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations. (CVE-2020-21365) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21365 https://www.debian.org/lts/security/2022/dla-3158 ======================== Updated packages in core/updates_testing: ======================== lib(64)wkhtmltox0-0.12.5-4.1.mga8 lib(64)wkhtmltox-devel-0.12.5-4.1.mga8 wkhtmltopdf-0.12.5-4.1.mga8 from SRPM: wkhtmltopdf-0.12.5-4.1.mga8.src.rpm
Whiteboard: MGA8TOO => (none)CVE: (none) => CVE-2020-21365Status: NEW => ASSIGNEDCC: (none) => nicolas.salgueroAssignee: pkg-bugs => qa-bugsVersion: Cauldron => 8Source RPM: wkhtmltopdf-0.12.5-5.mga9.src.rpm => wkhtmltopdf-0.12.5-4.mga8.src.rpm
MGA8-64 MATE on Acer Aspire 5253 No installation issues No wiki, no previous updates, so just checked in MCC what commands are implemented here and tried these. $ wkhtmltopdf donderdag.html don.pdf Loading page (1/2) Printing pages (2/2) Done Number of pages in the original document (made from an odt) is correct, resulted in a 4 page pdf with correct contents. [tester8@mach7 Documents]$ wkhtmltoimage donderdag.html don.jpeg Loading page (1/2) Rendering (2/2) Done Reults in a long narrow image in correct proportion to the actual data in the html file, text is correctly readable. Good enough for me.
Whiteboard: (none) => MGA8-64-OKCC: (none) => herman.viaene
Validating. Advisory in Comment 2.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0407.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED