Hello QA,

I just uploaded liferea 1.12.10 to 8/updates_testing. It fixes CVE-2023-1350, which is a remote code execution. Please test and hopefully validate this package.

Tentative Advisory:
========================

Updated liferea 1.12.10 fixes a security vulnerability

CVE-2023-1350 Remote code execution on feed enrichment

If you have enabled "Extract full content from HTML5 and Google AMP" for one or more of your feed subscriptions, it is possible for an attacker to inject a script command that would run any command on your system.

Upgrading to 1.12.10 solves this security problem. If you cannot upgrade, disable "Extract full content from HTML5 and Google AMP" for all of your feeds. This can be done in the feed properties dialog.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1350
https://github.com/lwindolf/liferea/releases/tag/v1.12.10
========================

Updated packages in core/updates_testing:
========================
liferea-1.12.10-1.1.mga8

Source RPM:
liferea-1.12.10-1.1.mga8.src.rpm

Thanks
regards
Julien
CC: (none) => julien.moragny
MGA8-64 MATE on Acer Aspire 5253
No installation issues.
No previous experience with this kind of stuff, so just opened it at the CLI:

$ liferea
(liferea:5080): Gtk-WARNING **: 10:02:21.632: Theme parsing error: gtk.css:2:33: Failed to import: Error opening file /home/tester8/.config/gtk-3.0/window_decorations.css: No such file or directory
Oops, secure memory pool already initialized
Oops, secure memory pool already initialized
(WebKitWebProcess:5096): Gtk-WARNING **: 10:02:23.094: Theme parsing error: gtk.css:2:33: Failed to import: Error opening file /home/tester8/.config/gtk-3.0/window_decorations.css: No such file or directory
unsupported entity: r.target.src

Liferea opens OK with a whole list of subscriptions preconfigured, jumped around a bit, found Planet Mageia and read the announcement of Mageia9beta. Works OK to me.
Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene
Validating. Advisory in comment 0.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0103.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED