openSUSE has issued an advisory on November 6: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/RNU4P4P7ZCF5TYOAPMGGBX2KSE6IHZFT/ Fix: https://github.com/michaelrsweet/htmldoc/commit/683bec548e642cf4a17e003fb34f6bbaf2d27b98
CVE: (none) => CVE-2024-46478
Source RPM: (none) => htmldoc-1.9.15-3.mga9.src.rpm
Status comment: (none) => Patch available from upstream
Whiteboard: (none) => MGA9TOO
Debian also lists CVE-2024-45508. Fix: https://github.com/michaelrsweet/htmldoc/commit/2d5b2ab9ddbf2aee2209010cebc11efdd1cab6e2
Status comment: Patch available from upstream => Patches available from upstream
CVE: CVE-2024-46478 => CVE-2024-45508, CVE-2024-46478
Summary: htmldoc new security issue CVE-2024-46478 => htmldoc new security issues CVE-2024-45508 and CVE-2024-46478
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node. (CVE-2024-45508)

HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function, ps-pdf.cxx:5681. (CVE-2024-46478)

References:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/RNU4P4P7ZCF5TYOAPMGGBX2KSE6IHZFT/
========================

Updated packages in core/updates_testing:
========================
htmldoc-1.9.15-3.1.mga9
htmldoc-nogui-1.9.15-3.1.mga9

from SRPM:
htmldoc-1.9.15-3.1.mga9.src.rpm
Status comment: Patches available from upstream => (none)
Status: NEW => ASSIGNED
Assignee: bugsquad => qa-bugs
Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)
Keywords: (none) => advisory
RH x86_64

LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Nonfree 32bit Updates (distrib37)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date

installing htmldoc-1.9.15-3.1.mga9.x86_64.rpm htmldoc-nogui-1.9.15-3.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing... ##################################################################################################
1/2: htmldoc-nogui ##################################################################################################
2/2: htmldoc ##################################################################################################
1/2: removing htmldoc-nogui-1.9.15-3.mga9.x86_64 ##################################################################################################
2/2: removing htmldoc-1.9.15-3.mga9.x86_64 ##################################################################################################

Use gui to convert pidgin html log of i18n meeting to pdf, not good translation of some characters, but works

Use cli to convert pidgin html log of i18n meeting to pdf, not good translation of some characters, but works

POC requires to rebuild with asan so skip
CC: (none) => andrewsfarm
Whiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0353.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED