| Summary: | curl new security issue CVE-2015-3153 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | Shlomi Fish <shlomif> |
| Status: | RESOLVED WONTFIX | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | mageia, mageia |
| Version: | 4 | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/642638/ | ||
| Whiteboard: | OK | ||
| Source RPM: | curl-7.34.0-1.6.mga4.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2015-04-29 18:48:38 CEST
Debian and Ubuntu have issued advisories for this on April 29 and 30: https://www.debian.org/security/2015/dsa-3240 http://www.ubuntu.com/usn/usn-2591-1/ Debian has not fixed the issue in Wheezy, nor has Ubuntu fixed it for older versions. It appears, due to the invasive changes in 7.37.0 that the fixes rely on, Debian and Ubuntu will not be backporting fixes to versions older than that. Indeed, Ubuntu's CVE page for this suggests just that: http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3153.html In all likelihood, we won't be fixing this for Mageia 4 either. URL:
(none) =>
http://lwn.net/Vulnerabilities/642638/ curl-7.40.0-3.mga5 uploaded for Cauldron.
Sander Lepik
2015-05-03 17:16:44 CEST
CC:
(none) =>
mageia
Shlomi Fish
2015-05-07 15:40:42 CEST
Whiteboard:
(none) =>
OK closing as wontfix for mga4 then Status:
NEW =>
RESOLVED |