That CVE was announced here: https://www.openwall.com/lists/oss-security/2024/03/08/2 https://github.com/fonttools/fonttools/security/advisories/GHSA-6673-4983-2vx5 Version 4.43.0 and above fixed the issue so only Mageia 9 is affected. The following commit fixes the problem: https://github.com/fonttools/fonttools/commit/9f61271dc1ca82ed91f529b130fe5dc5c9bf1f4c
CVE: (none) => CVE-2023-45139Source RPM: (none) => fonttools-4.38.0-2.mga9.src.rpm
Done for mga9! Assigning to QA, Packages in 9/Core/Updates_testing: ====================== fonttools-4.38.0-2.1.mga9.noarch.rpm python3-fonttools+lxml-4.38.0-2.1.mga9.noarch.rpm python3-fonttools+ufo-4.38.0-2.1.mga9.noarch.rpm python3-fonttools+unicode-4.38.0-2.1.mga9.noarch.rpm python3-fonttools+woff-4.38.0-2.1.mga9.noarch.rpm python3-fonttools-4.38.0-2.1.mga9.noarch.rpm From SRPMS: fonttools-4.38.0-2.1.mga9.src.rpm
CC: (none) => geiger.david68210Assignee: bugsquad => qa-bugs
MGA9-64 Plasma Wayland on HP-Pavillion No installation issues. No wiki or previous updates, and this is untrodden domain for me, so googled and tried some commands that I could understand (more or less). Ended up with: $ ttx -l /usr/share/fonts/ttf/western/Adventure.ttf Listing table info for "/usr/share/fonts/ttf/western/Adventure.ttf": tag checksum length offset ---- ---------- -------- -------- OS/2 0x16F03A36 78 17988 PCLT 0xCEADA2CE 54 2604 cmap 0xA0F0BF80 506 236 cvt 0x6B2A6F4F 192 744 fpgm 0x0211C261 472 936 glyf 0x73FF76A8 14866 2660 head 0x65C34A1B 54 1408 hhea 0x0C280510 36 17952 hmtx 0x760A14DE 392 17528 loca 0x000AE2D0 396 1464 maxp 0x014400BE 32 17920 name 0xABB7AD1F 483 2120 post 0x090A09B9 230 1888 prep 0x0D240506 26 1860 At least no error comes up and sensble formatting, as to the contents, it is a puzzle for me. As the command seems to work OK, giving it the go, unless someone else has better ideas.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA9-64-OK
I saw this one last night and did the same research as Herman, but it was too late and I was too tired to proceed. Herman, you did as I would have done. Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0060.html
Status: NEW => RESOLVEDResolution: (none) => FIXED