pixman 0.42.2 has been released on November 3, fixing a security issue: https://lists.x.org/archives/xorg-announce/2022-November/003249.html A CVE has been assigned: https://lists.x.org/archives/xorg-announce/2022-November/003251.html
Status comment: (none) => Fixed upstream in 0.42.2
Debian-LTS has issued an advisory for this today (November 7): https://www.debian.org/lts/security/2022/dla-3179
> Fixed upstream in 0.42.2 DavidW has already put this in Cauldron (thanks). Assigning to Thierry simply because you have committed this SRPM a few times recently, so have seen it. So this is just for M8.
Assignee: bugsquad => thierry.vignaud
Suggested advisory: ======================== The updated packages fix a security vulnerability: In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. (CVE-2022-44638) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44638 https://lists.x.org/archives/xorg-announce/2022-November/003249.html https://lists.x.org/archives/xorg-announce/2022-November/003251.html https://www.debian.org/lts/security/2022/dla-3179 ======================== Updated packages in core/updates_testing: ======================== lib(64)pixman1_0-0.40.0-1.1.mga8 lib(64)pixman-devel-0.40.0-1.1.mga8 from SRPM: pixman-0.40.0-1.1.mga8.src.rpm
Status comment: Fixed upstream in 0.42.2 => (none)CC: (none) => nicolas.salgueroCVE: (none) => CVE-2022-44638Assignee: thierry.vignaud => qa-bugsStatus: NEW => ASSIGNED
MGA8-64 MATE on Acer Aspire 5253 No installation issues Ref bug 16815 for testing mpg file plays OK with VLC-player Restarted firefox and video from newspaper site plays OK (sound and video in sync) OK for me.
Whiteboard: (none) => MGA8-64-OKCC: (none) => herman.viaene
Validating. Advisory in comment 3.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0423.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED