Bug 14811

Summary: gnustep-base new security issue CVE-2014-2980
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Nicolas Lécureuil <mageia>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: pterjan
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/626438/
Whiteboard:
Source RPM: gnustep-base-1.24.4-10.mga5.src.rpm CVE:
Status comment:

Description David Walser 2014-12-15 21:26:54 CET 
Gentoo has issued an advisory on December 13:
http://www.gentoo.org/security/en/glsa/glsa-201412-20.xml

The upstream patch is linked from the Gentoo bug:
https://bugs.gentoo.org/show_bug.cgi?id=508370

Mageia 4 is also affected.

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2014-12-15 21:27:38 CET 
I see that Pascal updated to 1.24.6 in SVN.  Maybe it didn't build.

Blocks: (none) => 14674
Whiteboard: (none) => MGA4TOO
CC: (none) => pterjan

Comment 2 Pascal Terjan 2014-12-16 14:56:11 CET 
Indeed I have the build failure email but logs are long gone.
It builds fine here (inside iurt), so I guess something else was broken and I forgot to re-submit it.
Comment 3 Nicolas Lécureuil 2014-12-23 01:38:47 CET 
pushed and built in cauldron.

Still needed in mga4 ?
Comment 4 David Walser 2014-12-23 01:42:14 CET 
Still needed in both actually.  Even 1.24.6 needs to be patched.
Comment 5 Nicolas Lécureuil 2014-12-23 22:41:10 CET 
oh ok, i will look then.
Comment 6 Nicolas Lécureuil 2015-01-04 21:49:55 CET 
fixed in svn and in the BS

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Comment 7 David Walser 2015-01-04 23:05:18 CET 
Thanks Nicolas!

Fixed in gnustep-base-1.24.6-4.mga5.

The package isn't actually in Mageia 4 after all, so this is indeed FIXED.

Whiteboard: MGA4TOO => (none)
Blocks: 14674 => (none)