SUSE has issued an advisory today (December 9): https://lists.suse.com/pipermail/sle-security-updates/2022-December/013210.html Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
Equivalent openSUSE advisory: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/T67HDP7NSPOPJ53IEWDVYIBF6BRGKCJ3/
Status comment: (none) => Patch available from openSUSE
Gnome package, so assigning to the GNOME maintainers
CC: (none) => marja11
Assignee: bugsquad => gnome
Ubuntu has issued an advisory for this today (January 5): https://ubuntu.com/security/notices/USN-5786-1
Suggested advisory:
========================

The updated packages fix a security vulnerability:

GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive. (CVE-2022-37290)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37290
https://lists.suse.com/pipermail/sle-security-updates/2022-December/013210.html
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/T67HDP7NSPOPJ53IEWDVYIBF6BRGKCJ3/
https://ubuntu.com/security/notices/USN-5786-1
========================

Updated packages in core/updates_testing:
========================
lib(64)nautilus1-3.38.2-1.1.mga8
lib(64)nautilus-gir3.0-3.38.2-1.1.mga8
lib(64)nautilus-devel-3.38.2-1.1.mga8
nautilus-3.38.2-1.1.mga8

from SRPM:
nautilus-3.38.2-1.1.mga8.src.rpm

Assignee: gnome => qa-bugs
CC: (none) => nicolas.salguero
CVE: (none) => CVE-2022-37290
Whiteboard: MGA8TOO => (none)
Status comment: Patch available from openSUSE => (none)
Status: NEW => ASSIGNED
Version: Cauldron => 8
Source RPM: nautilus-43.0-2.mga9.src.rpm => nautilus-3.38.2-1.mga8.src.rpm
MGA8-64 MATE on Acer Aspire 5253. No installation issues. This laptop has MATE and Xfce as DE, I keep as far as possible from Gnome. But nautilus seems to display OK as far as the file structure on this laptop is concerned, including the display of remote NFS-shares. I think it is OK, but if some Gnome user comes along and has other tests, please feel free to do so and give the OK.
CC: (none) => herman.viaene
Fedora has issued an advisory for this today (January 10): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PX5CVF4FAHFA6UNKHFBBLOP2NUMIQJAY/
One week passed, everyone seems satisfied, so OK for me.
Whiteboard: (none) => MGA8-64-OK
I don't care for Gnome either, but I keep a vbox guest around for when I can't avoid it. I updated nautilus, with no installation issues. Ran it, navigated a bit, and it seems to be OK, confirming Herman's effort. Validating. Advisory in comment 4.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0011.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED