Fedora has issued an advisory today (November 14): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/64KUV6OGEVQ75QOV35PUVVDOJTKSJHYN/ Mageia 8 and 9 are also affected.
CC: (none) => nicolas.salgueroSource RPM: (none) => radare2-5.8.8-1.mga9.src.rpmWhiteboard: (none) => MGA9TOO, MGA8TOO
Status comment: (none) => Patches available from Fedora
Assigning to our registered radare2 maintainer
CC: (none) => marja11Assignee: bugsquad => geiger.david68210
Fixed both mga9 and Cauldron! Assigning to QA, Packages in 9/Core/Updates_testing: ====================== lib64radare2-devel-5.8.8-1.1.mga9 lib64radare2_5.8.8-5.8.8-1.1.mga9 libradare2-devel-5.8.8-1.1.mga9 libradare2_5.8.8-5.8.8-1.1.mga9 radare2-5.8.8-1.1.mga9 From SRPMS: radare2-5.8.8-1.1.mga9.src.rpm
Version: Cauldron => 9Whiteboard: MGA9TOO, MGA8TOO => (none)Assignee: geiger.david68210 => qa-bugs
URL: (none) => https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/64KUV6OGEVQ75QOV35PUVVDOJTKSJHYN/CVE: (none) => CVE-2023-4322 CVE-2023-5686
Keywords: (none) => advisory
I uploaded this advisory with a wrong commit message: Add bugfix advisory M9 mga#32521 After correcting it with propedit, like this [marja@localhost advisories]$ svn propedit --revprop svn:log -r 15616 Set new value for property 'svn:log' on revision 15616 [marja@localhost advisories]$ it is what it should be here: [marja@localhost advisories]$ svn log | head ------------------------------------------------------------------------ r15616 | marja | 2024-02-03 21:26:55 +0100 (za, 03 feb 2024) | 2 lines Add security advisory M9 radare mga#32521 But I never see such corrections in svnweb: https://svnweb.mageia.org/advisories?view=revision Should I delete and re-add the advisory?
No. Subversion has the correct commit message. Svnweb will never update. Don't worry about that.
Thanks, David :-)
Copied rpm names from Comment 2 into QARepo and get libradare2-devel-5.8.8-1.1.mga9 not found in the remote repository libradare2_5.8.8-5.8.8-1.1.mga9 not found in the remote repository I suppose those are the 32-bit versions, continuing without those.
CC: (none) => herman.viaene
MGA9-64 Plasma Wayland on HP Pavillion No installation issues. Followed bug 29163 for testing using the firefox.exe I got from my Win 11 installation. $ rabin2 -I firefox.exe arch x86 baddr 0x140000000 binsz 671136 bintype pe bits 64 canary true retguard false class PE32+ cmp.csum 0x000b2b25 compiled Mon Feb 5 15:47:45 2024 crypto false dbg_file firefox.pdb endian little havecode true hdr.csum 0x000b2b25 guid 64ECC926E3639C014C4C44205044422E1 laddr 0x0 lang msvc linenum false lsyms false machine AMD 64 nx true os windows overlay true cc ms pic true relocs false signed true sanitize false static false stripped false subsys Windows GUI va true [tester9@mach4 Documents]$ rax2 0011000011111111d 12543 [tester9@mach4 Documents]$ rasm2 ret c3 $ radare2 firefox.exe [0x14002ba70]> aa INFO: Analyze all flags starting with sym. and entry0 (aa) INFO: Analyze all functions arguments/locals (afva@@@F) [0x14002ba70]> s/ fire Searching 4 bytes in [0x1400ab600-0x1400ac000] hits: 0 Searching 4 bytes in [0x1400ab000-0x1400ab600] hits: 0 and some more, ending with [# ]0x14005504d hit0_0 .itigationPolicyfirefoxFirefoxNtOp. [0x14005504d]> quit This all looks OKas far as I understand it.
Whiteboard: (none) => MGA9-64-OK
MID-air collision! MGA9-64 Plasma in VirtualBox. Radare2 is a tool for reverse-engineering binaries. Before attempting any testing this time, I consulted the Web for some guidance. I found several Youtube videos on the subject, including a tutorial series with at least 8 parts. Clearly, any testing beyond a few basics is beyond the scope of QA. I installed all 64-bit packages and dependencies, with no issues. I also installed the radare2-cutter GUI and its dependencies. Not technically a part of this update, but useful for testing. After using qarepo to update the packages, I referred to bug 29163 comment 18 for tests: [tom@localhost ~]$ rafind2 -s "text" /bin/kwrite | wc -l 1 [tom@localhost ~]$ r2 -a x86 /bin/oowriter [0x00000000]> The "V" command produced a lengthy hexadecimal dump that was completely incomprehensible to me, but was consistent with the previous bug's test. "q" brought back the above prompt. "p" was a command I saw in an introductory video, and it produced a very different sort of dump, still incomprehensible to someone whose fading coding skills are some 35 years old, but consistent with what I saw in the video. I ran the Cutter gui, and loaded /bin/oowriter into it, and opened it. I told it to analyze the file using the "experimental" tab, which it did, producing more incomprehensible output - but nothing that looked like it wasn't working. Between the two of us, Herman, I think we've got it. Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0044.html
Status: NEW => RESOLVEDResolution: (none) => FIXED