Bug 31207 - admesh new security issue TALOS-2022-1594
Summary: admesh new security issue TALOS-2022-1594
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2022-11-30 18:13 CET by David Walser
Modified: 2022-12-13 23:10 CET

See Also:
Source RPM: admesh-0.98.4-2.1.mga8.src.rpm
CVE:
Status comment:



Description David Walser 2022-11-30 18:13:19 CET
Fedora has issued an advisory today (November 30):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IWF2CGKHHMVPAEZ2VSMQDVMDS4VUYMV3/

The issue is fixed upstream in 0.98.5.

Mageia 8 is also affected.
David Walser 2022-11-30 18:13:32 CET

Status comment: (none) => Fixed upstream in 0.98.5
Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2022-11-30 20:18:03 CET
No particular packager in sight for this SRPM, so assigning this update globally.

Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Salguero 2022-12-01 09:30:24 CET
Suggested advisory:
========================

The updated packages fix a security vulnerability: TALOS-2022-1594.

References:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IWF2CGKHHMVPAEZ2VSMQDVMDS4VUYMV3/
========================

Updated packages in core/updates_testing:
========================
admesh-0.98.5-1.mga8
lib64admesh1-0.98.5-1.mga8
lib64admesh-devel-0.98.5-1.mga8

from SRPM:
admesh-0.98.5-1.mga8.src.rpm

Source RPM: admesh-0.98.4-4.mga9.src.rpm => admesh-0.98.4-2.1.mga8.src.rpm
CC: (none) => nicolas.salguero
Status: NEW => ASSIGNED
Whiteboard: MGA8TOO => (none)
Assignee: pkg-bugs => qa-bugs
Status comment: Fixed upstream in 0.98.5 => (none)
Version: Cauldron => 8

Comment 3 Thomas Andrews 2022-12-06 23:27:50 CET
Tested in a VirtualBox Plasma guest. No installation issues.

Tested as in bug 30466 comment 3:

$ admesh Stanford_Bunny_sample.stl 
ADMesh version 0.98.5, Copyright (C) 1995, 1996 Anthony D. Martin
ADMesh comes with NO WARRANTY.  This is free software, and you are welcome to
redistribute it under certain conditions.  See the file COPYING for details.
Opening Stanford_Bunny_sample.stl
Checking exact...
All facets connected.  No nearby check necessary.
No unconnected need to be removed.
No holes need to be filled.
Checking normal directions...
Checking normal values...
Calculating volume...
Verifying neighbors...

================= Results produced by ADMesh version 0.98.5 ================
Input file         : Stanford_Bunny_sample.stl
File type          : Binary STL file
Header             : Visualization Toolkit generated SLA File                                        
============== Size ==============
Min X = -23.550819, Max X =  84.196114
Min Y = -42.009937, Max Y =  45.791847
Min Z =  5.275085, Max Z =  113.166840
========= Facet Status ========== Original ============ Final ====
Number of facets                 : 112402               112402
Facets with 1 disconnected edge  :     0                   0
Facets with 2 disconnected edges :     0                   0
Facets with 3 disconnected edges :     0                   0
Total disconnected facets        :     0                   0
=== Processing Statistics ===     ===== Other Statistics =====
Number of parts       :     1        Volume   :  279629.218750
Degenerate facets     :     0
Edges fixed           :     0
Facets removed        :     0
Facets added          :     0
Facets reversed       :     0
Backwards edges       :     0
Normals fixed         :     0

These results are the same as in the previous test. Giving this an OK, and validating. Advisory in Comment 2.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Dave Hodgins 2022-12-13 02:26:27 CET

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 4 Mageia Robot 2022-12-13 23:10:49 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0456.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

