Bug 11624

Summary: ruby-ruby-openid new security issue CVE-2013-1812
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: fundawang, shikamaru
Version: 2   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/573328/
Whiteboard:
Source RPM: ruby-ruby-openid-2.1.8-1.mga1.src.rpm CVE:
Status comment:

Description David Walser 2013-11-08 18:42:49 CET 
Fedora has issued an advisory on October 30:
https://lists.fedoraproject.org/pipermail/package-announce/2013-November/120204.html

According to a comment on the RedHat bug, the issue was fixed upstream in 2.2.2, which would mean Mageia 3 and Cauldron are not affected.  Mageia 2 may be:
https://bugzilla.redhat.com/show_bug.cgi?id=918134

Reproducible: 

Steps to Reproduce:
David Walser 2013-11-08 18:43:08 CET

CC: (none) => fundawang, shikamaru

Comment 1 David Walser 2013-11-22 16:04:16 CET 
Closing this now due to Mageia 2 EOL.

http://blog.mageia.org/en/2013/11/21/farewell-mageia-2/

Status: NEW => RESOLVED
Resolution: (none) => OLD