Slackware has issued an advisory on November 7: https://lwn.net/Articles/997470/
CVE: (none) => CVE-2024-50602Status comment: (none) => Fixed upstream in 2.6.4Source RPM: (none) => expat-2.6.3-1.mga9.src.rpmWhiteboard: (none) => MGA9TOO
expat-2.6.4-1.mga9 and expat-2.6.4-1.mga10 are building.
Suggested advisory: ======================== The updated packages fix a security vulnerability: An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. (CVE-2024-50602) References: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2024&m=slackware-security.358428 ======================== Updated packages in core/updates_testing: ======================== expat-2.6.4-1.mga9 lib(64)expat1-2.6.4-1.mga9 lib(64)expat-devel-2.6.4-1.mga9 from SRPM: expat-2.6.4-1.mga9.src.rpm
Whiteboard: MGA9TOO => (none)Status comment: Fixed upstream in 2.6.4 => (none)Version: Cauldron => 9Assignee: bugsquad => qa-bugsStatus: NEW => ASSIGNED
Keywords: (none) => advisory
RH x86_64 LC_ALL=C urpmi --auto --auto-update medium "QA Testing (64-bit)" is up-to-date medium "QA Testing (32-bit)" is up-to-date medium "Core Release (distrib1)" is up-to-date medium "Core Updates (distrib3)" is up-to-date medium "Nonfree Release (distrib11)" is up-to-date medium "Nonfree Updates (distrib13)" is up-to-date medium "Tainted Release (distrib21)" is up-to-date medium "Tainted Updates (distrib23)" is up-to-date medium "Core 32bit Release (distrib31)" is up-to-date medium "Core 32bit Updates (distrib32)" is up-to-date medium "Nonfree 32bit Release (distrib36)" is up-to-date medium "Nonfree 32bit Updates (distrib37)" is up-to-date medium "Tainted 32bit Release (distrib41)" is up-to-date medium "Tainted 32bit Updates (distrib42)" is up-to-date installing //home/katnatek/qa-testing/i586/libexpat1-2.6.4-1.mga9.i586.rpm //home/katnatek/qa-testing/x86_64/expat-2.6.4-1.mga9.x86_64.rpm //home/katnatek/qa-testing/x86_64/lib64expat1-2.6.4-1.mga9.x86_64.rpm Preparing... ################################################################################################## 1/3: lib64expat1 ################################################################################################## 2/3: expat ################################################################################################## 3/3: libexpat1 ################################################################################################## 1/3: removing libexpat1-2.6.3-1.mga9.i586 ################################################################################################## 2/3: removing expat-2.6.3-1.mga9.x86_64 ################################################################################################## 3/3: removing lib64expat1-2.6.3-1.mga9.x86_64 ################################################################################################## Followed the procedure from the wiki, as was used in bug#31057 comment#2 (needed test files are attached to bug#31057) python Python 3.10.11 (main, Sep 18 2024, 10:39:40) [GCC 12.3.0] on linux Type "help", "copyright", "credits" or "license" for more information. python testexpat.py Tested OK xmlwf /etc/xml/catalog xmlwf /etc/passwd /etc/passwd:1:16: not well-formed (invalid token)
CC: (none) => andrewsfarmWhiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
This package was pushed today but for some reason this bug wasn't automatically closed.
CC: (none) => danStatus: ASSIGNED => RESOLVEDResolution: (none) => FIXED
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0362.html