Debian-LTS has issued an advisory on July 14:
https://www.debian.org/lts/security/2023/dla-3497

The issue is fixed upstream in 1.27.9:
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw

Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 1.27.9
Whiteboard: (none) => MGA8TOO
This pkg is updated by different packagers, so assigning the bug globally.
Assignee: bugsquad => pkg-bugs
Package updated for cauldron, Mageia 9, and Mageia 8

Advisory:
========================

Patched python-pypdf2 package fixes security vulnerability:

It was discovered that python-pypdf2 contained a vulnerability whereby an attacker can craft a PDF which leads to unexpectedly long runtime (CVE-2023-36810).

References:
https://www.debian.org/lts/security/2023/dla-3497
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36810
========================

Updated packages in core/updates_testing:
========================
python3-pypdf2-1.27.9-1.mga8.noarch.rpm

from python-pypdf2-1.27.9-1.mga8.src.rpm

(for Mageia 9)
python3-pypdf2-1.27.9-1.mga9.noarch.rpm

from python-pypdf2-1.27.9-1.mga9.src.rpm

Possible test help: https://bugs.mageia.org/show_bug.cgi?id=30511#c5
Assignee: pkg-bugs => qa-bugs
Version: Cauldron => 9
CC: (none) => mhrambo3501
MGA8-64 Xfce on Acer Aspire 5253
No installation issues
Followed suggestion above, kraft not chosen because no KDE on this laptop, installed pdf-stapler and followed example as in https://github.com/hellerbarde/stapler
$ stapler sel HLN_MSAS07_18LACM.pdf handleidingVM.pdf test.pdf
no feedback, resulting test.pdf has a correct concatenation of the two documents.
OK for me.
CC: (none) => herman.viaene
Whiteboard: MGA8TOO => MGA8TOO MGA8-64-OK
MGA9-64 Plasma on an HP Probook 6550b. No installation issues.

Did essentially the same test as comment 3, except that I got my command examples from the pdf-stapler READ.ME file. I was able to concatenate two of my own pdf files with no issues.

This is OK for MGA9. Validating. Advisory in comment 2.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: MGA8TOO MGA8-64-OK => MGA8TOO MGA8-64-OK MGA9-64-OK
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0254.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED