Fedora has issued an advisory on February 14: http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099334.html Cauldron is not affected as it was fixed upstream. Patched package uploaded for Mageia 2. Advisory: ======================== Updated pixman packages fix security vulnerability: Stack-based buffer overflow in libpixman has unspecified impact and attack vectors (CVE-2013-1591). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1591 http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099334.html ======================== Updated packages in core/updates_testing: ======================== libpixman1_0-0.24.4-1.1.mga2 libpixman-devel-0.24.4-1.1.mga2 from pixman-0.24.4-1.1.mga2.src.rpm Reproducible: Steps to Reproduce:
Testing complete on Mageia 2 i586 and x86_64. No poc, so just testing that firefox is working ok, with strace confirming the library is being used. Could someone from the sysadmin team push the srpm pixman-0.24.4-1.1.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates. Advisory: Updated pixman packages fix security vulnerability: Stack-based buffer overflow in libpixman has unspecified impact and attack vectors (CVE-2013-1591). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1591 http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099334.html https://bugs.mageia.org/show_bug.cgi?id=9198
Keywords: (none) => validated_updateCC: (none) => davidwhodgins, sysadmin-bugsWhiteboard: (none) => MGA2-64-OK MGA2-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0077
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED