Bug 14959

Summary: rabbitmq-server new security issue CVE-2014-9494
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Malo DeniƩlou <pmdenielou>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
Whiteboard:
Source RPM: rabbitmq-server-3.3.5-3.mga5.src.rpm CVE:
Status comment:

Description David Walser 2015-01-06 00:19:25 CET 
A CVE has been assigned for a security issue fixed upstream in 3.4.0:
http://openwall.com/lists/oss-security/2015/01/04/2

Fedora won't be issuing any updates for this, as the version they have are not affected.

The version we have in Cauldron is affected.  Mageia 4 is not affected.

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-01-06 00:20:11 CET 
I added the upstream patches and fixed this in rabbitmq-server-3.3.5-4.mga5.

I mainly filed this bug to let the maintainer know, and just in case he wanted to take any further action, like updating this to 3.4.x as Fedora has in Rawhide.

Status: NEW => RESOLVED
Resolution: (none) => FIXED