Fedora has issued an advisory on June 14, 2011: http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062164.html They fixed it by updating to 3.2.1, which fixes the issue.
CC: (none) => anssi.hannula
CC: (none) => balcaen.john
This message is a reminder that Mageia 1 is nearing its end of life. In approximately 25 days from now, Mageia will stop maintaining and issuing updates for Mageia 1. At that time this bug will be closed as WONTFIX (EOL) if it remains open with a Mageia 'version' of '1'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Mageia version prior to Mageia 1's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Mageia 1 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Mageia, you are encouraged to click on "Version" and change it against that version of Mageia. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Mageia release includes newer upstream software that fixes bugs or makes them obsolete. -- Mageia Bugsquad
Updated package uploaded for Mageia 1. Advisory: ======================== Updated libvoikko packages fix security vulnerability: This update provides version 3.2.1, which contains the following fix. Fix handling of embedded null characters in input strings entered through the Python interface. The bug could be used to cause denial of service conditions and possibly other problems. Users of these interfaces are recommended to upgrade to this release. Applications that use the native C++ library directly (this includes all well known desktop applications) are not affected by this bug and no changes to the native library have been made in this release. References: http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062164.html ======================== Updated packages in core/updates_testing: ======================== voikko-tools-3.2.1-1.mga1 libvoikko1-3.2.1-1.mga1 libvoikko-devel-3.2.1-1.mga1 python-libvoikko-3.2.1-1.mga1 libvoikko-debug-3.2.1-1.mga1 from libvoikko-3.2.1-1.mga1.src.rpm
Assignee: fundawang => qa-bugs
No poc, so just testing that voikkospell works. $ voikkospell valo C: valo asdf W: asdf Testing complete on Mageia 1 i586 and x86-64. Could someone from the sysadmin team push the srpm libvoikko-3.2.1-1.mga1.src.rpm from Mageia 1 Core Updates Testing to Core Updates. Advisory: Updated libvoikko packages fix security vulnerability: This update provides version 3.2.1, which contains the following fix. Fix handling of embedded null characters in input strings entered through the Python interface. The bug could be used to cause denial of service conditions and possibly other problems. Users of these interfaces are recommended to upgrade to this release. Applications that use the native C++ library directly (this includes all well known desktop applications) are not affected by this bug and no changes to the native library have been made in this release. References: http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062164.html https://bugs.mageia.org/show_bug.cgi?id=7067
Keywords: (none) => validated_updateCC: (none) => davidwhodgins, sysadmin-bugsWhiteboard: (none) => MGA1-64-OK MGA1-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0340
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED