Debian-LTS has issued an advisory on March 18: https://www.debian.org/lts/security/2023/dla-3355 The issue is fixed upstream in 1.4.22. Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOOStatus comment: (none) => Fixed upstream in 1.4.22
Assigning this globally as 'xapian' has no current maintainer.
Assignee: bugsquad => pkg-bugs
Suggested advisory: ======================== The updated packages fix a security vulnerability: Xapian database corruption on disk full is possible. It doesn't happen in every case as ENOSPC needs to happen on a particular operation during the commit but then not happen on a repeat attempt at that operation. (bdo#1032398) References: https://www.debian.org/lts/security/2023/dla-3355 ======================== Updated packages in core/updates_testing: ======================== lib(64)xapian30-1.4.17-1.1.mga8 lib(64)xapian-devel-1.4.17-1.1.mga8 xapian-1.4.17-1.1.mga8 from SRPM: xapian-1.4.17-1.1.mga8.src.rpm
Assignee: pkg-bugs => qa-bugsVersion: Cauldron => 8CC: (none) => nicolas.salgueroSource RPM: xapian-1.4.20-1.mga9.src.rpm => xapian-1.4.17-1.mga8.src.rpmStatus: NEW => ASSIGNEDStatus comment: Fixed upstream in 1.4.22 => (none)Whiteboard: MGA8TOO => (none)
MGA8-64 MATE On Acer Aspire 5253 No installation issues. From MCC "Xapian is an Open Source Search Engine Library, released under the GPL. It's written in C++, with bindings to allow use from Perl, Python, PHP, Java, Tcl, C#, and Ruby (so far!)" Found # urpmq --whatrequires xapian python3-xapian-bindings recoll xapian xapian-bindings-java xapian-bindings-lua xapian-bindings-mono xapian-bindings-ruby xapian-bindings-tcl Installed recoll and run it under strace and found reference to xapian, while the recoll did its indexing and querying OK. Good enough for me.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA8-64-OK
Validating. Advisory in comment 2.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0121.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED