Bug 17320

Summary: pax-utils several security-related fixes in 1.1.4 and 1.2.1
Product: Mageia Reporter: David Walser <luigiwalser>
Component: Security Assignee: Thierry Vignaud <thierry.vignaud>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: mageia
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/667467/
Whiteboard:
Source RPM: pax-utils-0.8.1-3.mga5.src.rpm CVE:
Status comment:

Description David Walser 2015-12-10 17:06:50 CET
Fedora has issued an advisory on December 9:
https://lists.fedoraproject.org/pipermail/package-announce/2015-December/173515.html

I'm not sure how important any of these fixes are or if we should update the Mageia 5 package as well; I'll leave that to the maintainer to evaluate. The Cauldron package should be updated at the very least.

Comment 1 David Walser 2017-02-01 12:28:48 CET
Two more issues fixed in 1.2.1 (1.2.2 fixes some regressions):
http://openwall.com/lists/oss-security/2017/02/01/4
http://openwall.com/lists/oss-security/2017/02/01/5

Summary: pax-utils several security-related fixes in 1.1.4 => pax-utils several security-related fixes in 1.1.4 and 1.2.1

Comment 3 David Walser 2017-02-25 18:20:06 CET
Another issue that will be fixed in 1.2.3 (with commit links):
http://openwall.com/lists/oss-security/2017/02/25/1

Comment 4 Nicolas Lécureuil 2017-04-22 21:54:00 CEST
Thierry, some thoughts about this issue?

CC: (none) => mageia

Comment 5 Nicolas Lécureuil 2017-04-27 18:15:19 CEST
Updated on Cauldron.

Status: NEW => RESOLVED
Resolution: (none) => FIXED