Ubuntu has issued an advisory on August 17: https://ubuntu.com/security/notices/USN-6299-1 The issues are fixed upstream in 21.01.0 so only Mageia 8 is affected.
CC: (none) => nicolas.salgueroStatus comment: (none) => Fixed upstream in 21.01.0Source RPM: (none) => poppler-20.12.1-1.3.mga8.src.rpm
Suggested advisory: ======================== The updated packages fix security vulnerabilities: An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function. (CVE-2020-36023) An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function. (CVE-2020-36024) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36023 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36024 https://ubuntu.com/security/notices/USN-6299-1 ======================== Updated packages in core/updates_testing: ======================== lib(64)poppler105-20.12.1-1.4.mga8 lib(64)poppler-cpp0-20.12.1-1.4.mga8 lib(64)poppler-cpp-devel-20.12.1-1.4.mga8 lib(64)poppler-devel-20.12.1-1.4.mga8 lib(64)poppler-gir0.18-20.12.1-1.4.mga8 lib(64)poppler-glib8-20.12.1-1.4.mga8 lib(64)poppler-glib-devel-20.12.1-1.4.mga8 lib(64)poppler-qt5_1-20.12.1-1.4.mga8 lib(64)poppler-qt5-devel-20.12.1-1.4.mga8 poppler-20.12.1-1.4.mga8 from SRPM: poppler-20.12.1-1.4.mga8.src.rpm
Status: NEW => ASSIGNEDAssignee: bugsquad => nicolas.salguero
Status comment: Fixed upstream in 21.01.0 => (none)Assignee: nicolas.salguero => qa-bugs
CC: (none) => mageia
MGA8-64 Xfce on Acer Aspire 5253 No installation issues Ref bug 30805 for testing $ pdftohtml handleidingVM.pdf testpoppler.html Page-1 Page-2 Page-3 Page-4 Page-5 Page-6 Page-7 Page-8 Page-9 link to page 6 Page-10 Page-11 Page-12 Opened correctly in Firefox with a page index as a lefthand column of links and the text and graphics to the right. [tester8@mach7 Documents]$ pdftotext handleidingVM.pdf VM.txt Opened with mousepad and text is complete with indicators where graphical items occured in the original document. Good to go.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA8-64-OK
Validating. Advisory in comment 1.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0262.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED