Bug 12065

Summary: ack new security issue CVE-2013-7069
Product: Mageia Reporter: David Walser <luigiwalser>
Component: Security Assignee: Jerome Quelin <jquelin>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/577887/
Whiteboard:
Source RPM: ack-2.100.0-2.mga4.src.rpm CVE:
Status comment:
Bug Depends on:    
Bug Blocks: 11726    

Description David Walser 2013-12-20 23:24:11 CET
Fedora has issued an advisory on December 11:
https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124539.html

The issue is fixed upstream in 2.12.

Mageia 3 is not affected.

David Walser 2013-12-20 23:25:48 CET

Blocks: (none) => 11726

Comment 1 Sander Lepik 2014-01-03 18:22:43 CET
I leave it up to Jerome to decide if this should be patched or upgraded as there are quite a few changes since 2.10. Not sure if they break something or not.

Assignee: mageia => jquelin

Comment 2 David Walser 2014-01-23 20:33:06 CET
Seeing as Fedora updated to 2.12, I'd expect it to be OK.  The update didn't require any SPEC file changes for Fedora (other than updating the version number):
http://pkgs.fedoraproject.org/cgit/ack.git/commit/?id=286d8b3a7c668cb160f73273e1b83cc1abd3924e

I see no value in shipping a vulnerable version when it can be fixed this easily.

Comment 3 David Walser 2014-01-24 20:41:22 CET
Fixed in ack-2.120.0-1.mga4.

Status: NEW => RESOLVED
Resolution: (none) => FIXED