Bug 10946

Summary: Updated raptor2 packages fix a security vulnerability CVE-2020-25713
Product: [ROSA-based products] ROSA Fresh
Reporter: Zombie Ryushu <zombie.ryushu>
Component: Packages from Main
Assignee: ROSA Linux Bugs <bugs>
Status: VERIFIED FIXED
QA Contact: ROSA Linux Bugs <bugs>
Severity: normal
Priority: Normal
CC: alzim, andrey.bondrov, denis.silakov, e.malashin, m.novosyolov, mc2374, pastordidi, v.potapov
Version: All
Flags: v.potapov: qa_verified+, m.novosyolov: published+
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://advisories.mageia.org/MGASA-2020-0431.html
Whiteboard:
Platform: 2016.1
ROSA Vulnerability identifier: CVE-2017-18926 CVE-2020-25713
RPM Package: raptor2-2.0.15-3.src.rpm
ISO-related:
Bad POT generating:
Upstream:

Description Zombie Ryushu 2020-11-22 03:24:36 MSK
A malformed input file can lead to a segfault due to an out of bounds array
access in raptor_xml_writer_start_element_common. (CVE-2020-25713)
Comment 1 Giovanni Mariani 2020-12-15 12:22:08 MSK
There is also CVE-2017-18926...
Comment 2 Giovanni Mariani 2020-12-15 12:43:19 MSK
Advisory:
Fix CVE-2017-18926 and CVE-2020-25713 in raptor2 library.
The same change was pushed in the 2019.1 branch.
No need to rebuild depending packages.

Packages for Rosa 2016.1 / Main:
https://abf.rosalinux.ru/build_lists/3611254
https://abf.rosalinux.ru/build_lists/3611255
Comment 3 e.malashin@rosalinux.ru 2020-12-22 17:13:35 MSK
**************************************
The update is sent to expanded testing
Comment 4 Vladimir Potapov 2020-12-29 04:56:06 MSK
raptor2-2.0.15-4
https://abf.rosalinux.ru/build_lists/3611254
https://abf.rosalinux.ru/build_lists/3611255
****************************** Advisory ******************************
Fix CVE-2017-18926 and CVE-2020-25713 in raptor2 library.
**********************************************************************
QA Verified