Bug 15023

Summary: smack new security CVE-2014-0364
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: D Morgan <dmorganec>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: major    
Priority: Normal    
Version: 4   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/629238/
Whiteboard:
Source RPM: smack-3.2.2-4.1.mga4.src.rpm CVE:
Status comment:

Description David Walser 2015-01-12 19:03:51 CET 
Fedora has issued an advisory on January 3:
https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147885.html

Fedora addressed it in Fedora 21 by upgrading from 3.2.2 to 4.0.6.  I'm not sure if that would be appropriate for Mageia 4.  It may be best to wait and see what Fedora does in Fedora 20.

Cauldron is currently not affected as this package has been removed from there.  Hopefully it won't be reintroduced.

The RedHat bug links upstream commits that they believe fixed this:
https://bugzilla.redhat.com/show_bug.cgi?id=1093276

Reproducible: 

Steps to Reproduce:
David Walser 2015-01-12 19:15:33 CET

URL: (none) => http://lwn.net/Vulnerabilities/629238/

Comment 1 David Walser 2015-09-02 17:36:37 CEST 
With only a couple of weeks remaining in Mageia 4's lifetime, we don't have time to fix this and test it.  This package has been dropped and no longer exists in Mageia as of Mageia 5.  Closing this as OLD.

Status: NEW => RESOLVED
Resolution: (none) => OLD