Bug 14525

Summary: zeromq new security issues CVE-2014-7202 and CVE-2014-7203
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Barry Jackson <zen25000>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/619814/
Whiteboard:
Source RPM: zeromq-4.0.4-2.mga5.src.rpm CVE:
Status comment:

Description David Walser 2014-11-13 15:18:49 CET 
OpenSuSE has issued an advisory on November 10:
http://lists.opensuse.org/opensuse-updates/2014-11/msg00027.html

The issues are fixed upstream in 4.0.5.

Mageia 3 and Mageia 4 are also affected.

Reproducible: 

Steps to Reproduce:
David Walser 2014-11-13 15:18:56 CET

Whiteboard: (none) => MGA4TOO, MGA3TOO

Comment 1 David Walser 2014-11-13 21:19:36 CET 
Looking more closely at this, I believe only the Cauldron version is affected.

Whiteboard: MGA4TOO, MGA3TOO => (none)

Comment 2 Barry Jackson 2014-11-13 21:27:37 CET 
Good - thanks.
Comment 3 Barry Jackson 2014-11-13 22:57:22 CET 
New version committed and will request freeze push.

Will require rebuild of python-pyzmq and gnuradio when it's pushed.
Comment 4 David Walser 2014-11-16 00:25:42 CET 
Fixed in zeromq-4.0.5-1.mga5.  Thanks Barry!

Status: NEW => RESOLVED
Resolution: (none) => FIXED