| Summary: | flightgear, flightgear-data new security issues with nasal scripting language | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | José Jorge <lists.jjorge> |
| Status: | RESOLVED WONTFIX | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | lists.jjorge |
| Version: | 4 | ||
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/642647/ | ||
| Whiteboard: | |||
| Source RPM: | flightgear, flightgear-data | CVE: | |
| Status comment: | |||
|
Description
David Walser
2015-04-30 19:47:20 CEST
flightgear-3.4.0-2.mga5 and flightgear-data-3.4.0-2.mga5 uploaded for Cauldron. Debian believes older version to be vulnerable: https://security-tracker.debian.org/tracker/TEMP-0780712-D0DD02 Version:
Cauldron =>
4
Rémi Verschelde
2015-06-06 16:18:18 CEST
CC:
(none) =>
lists.jjorge Fedora did not bother patching FlightGear 2.12.0 in Fedora 20: http://pkgs.fedoraproject.org/cgit/FlightGear.git/log/FlightGear.spec?h=f20 I've had a look at how to patch our flightgear 2.12.1 in Mageia 4, but the involved code changed a lot in the 3.x branch, and I won't be able to make a patch that fixes the security issue without breaking the feature. The security issue does not seem very critical to me, so I'd be tempted to close this as WONTFIX. WDYT David? I think as we have fgfs 3.x in backports which is working, the better idea would be to provide flightgear-3.4.0-1.mga4 as an update, with simgear and co. But sorry, no time for that this days (I'm on strike at work ;-). Status:
NEW =>
ASSIGNED Yeah that's a possibility too. Assignee:
rverschelde =>
lists.jjorge I'd be OK with not fixing this. Closing as WONTFIX for now, the FlightGear version in Mageia 4 is now quite old and I'm not sure doing a late update to 3.4.0 would be good for users who play using the old version. It's still not fixed either in Fedora 20 nor Debian squeeze. Status:
ASSIGNED =>
RESOLVED |