Ubuntu has released an advisory on June 25: https://ubuntu.com/security/notices/USN-6847-1
CVE: (none) => CVE-2023-49460, CVE-2023-49462, CVE-2023-49463, CVE-2023-49464
Status comment: (none) => Patches available from Ubuntu
Source RPM: (none) => libheif-1.16.2-1.mga9.src.rpm
The following links are to patches; but sometimes the same issue has several; or I could not find a patch. It is a nightmare.
https://github.com/strukturag/libheif/commit/995a4283d8ed2d0d2c1ceb1a577b993df2f0e014
https://github.com/strukturag/libheif/compare/ebafe361ac626e463c040472aee9023c46d76dcb..55cc0d8b66de5e21b18b8ebeee9e3afce9adfb05
https://github.com/strukturag/libheif/commit/e05e15b57a38ec411cb9acb38512a1c36ff62991
https://github.com/strukturag/libheif/commit/fd5b02aca3e29088bf0a1fc400bd661be4a6ed76
https://github.com/bradh/libheif/commit/357a32cf90051efa8824f38fecb3b921b81d14b8
https://github.com/bradh/libheif/commit/ca8b64a0007cb8e895e45301ed361624fac0b017
https://github.com/strukturag/libheif/commit/2bf226a300951e6897ee7267d0dd379ba5ad7287
Assigning to DavidG who currently commits this pkg.
Assignee: bugsquad => geiger.david68210
Assigning to QA,

Packages in 9/Core/Updates_testing:
======================
libheif-1.16.2-1.1.mga9
libheif-devel-1.16.2-1.1.mga9
libheif1-1.16.2-1.1.mga9
lib64heif-devel-1.16.2-1.1.mga9
lib64heif1-1.16.2-1.1.mga9

Packages in 9/Tainted/Updates_testing:
========================
libheif-1.16.2-1.1.mga9.tainted
libheif-devel-1.16.2-1.1.mga9.tainted
libheif1-1.16.2-1.1.mga9.tainted
lib64heif-devel-1.16.2-1.1.mga9.tainted
lib64heif1-1.16.2-1.1.mga9.tainted

From SRPMS:
libheif-1.16.2-1.1.mga9.src.rpm
libheif-1.16.2-1.1.mga9.tainted.src.rpm
Assignee: geiger.david68210 => qa-bugs
Keywords: (none) => advisory
Referenced Bug 31768 Comment 4 for testing.

Updated the core packages in an "untainted" VirtualBox MGA9-64 guest, then used Gimp to load and display an heif image that had been downloaded from the Internet. Trying to export the image in heif format wasn't allowed. No issues there.

Updated the tainted packages in another VirtualBox MGA9-64 guest, then once again used Gimp to load and display a downloaded heif image. This time, however, I was able to export the image in heif format. No issues there, either.

Looks good here. Validating.
Keywords: (none) => has_procedure, validated_update
Whiteboard: (none) => MGA9-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0243.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED