| Summary: | rpm new security issues | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | ngompa13, sysadmin-bugs |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/685287/ | ||
| Whiteboard: | advisory MGA5-64-OK MGA5-32-OK | ||
| Source RPM: | rpm-4.12.0.1-20.4.mga5.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2016-04-27 18:22:50 CEST
Submitted to mga5

Suggested advisory:
===================

This update fixes two bugs in rpm:
* Fix sigsegv in stringFormat() (rhbz#1316903)
* Fix reading rpmtd behind its size in formatValue() (rhbz#1316896)

List of packages:
=================
lib64rpmbuild3-4.12.0.1-20.5.5mga5.x86_64.rpm
lib64rpm-devel-4.12.0.1-20.5.5mga5.x86_64.rpm
lib64rpmsign3-4.12.0.1-20.5.5mga5.x86_64.rpm
python3-rpm-4.12.0.1-20.5.5mga5.x86_64.rpm
python-rpm-4.12.0.1-20.5.5mga5.x86_64.rpm
rpm-4.12.0.1-20.5.5mga5.x86_64.rpm
rpm-build-4.12.0.1-20.5.5mga5.x86_64.rpm
rpm-sign-4.12.0.1-20.5.5mga5.x86_64.rpm

Assignee: thierry.vignaud => qa-bugs

Added %autosetup/%autopatch fixes

Suggested advisory:
===================

This update fixes two bugs in rpm:
* Fix sigsegv in stringFormat() (rhbz#1316903)
* Fix reading rpmtd behind its size in formatValue() (rhbz#1316896)

In addition, fixes to the %autosetup and %autopatch macros were backported from Cauldron to solve the following issues:
* %autopatch would not throw an error in the event a patch did not exist
* %autosetup would not correctly process sources and patches, causing issues with rpmspec
* %autopatch was not respecting the default patch application settings

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1316903
https://bugzilla.redhat.com/show_bug.cgi?id=1316896

Updated packages in core/updates_testing:
=================
lib64rpmbuild3-4.12.0.1-20.6.mga5
lib64rpm-devel-4.12.0.1-20.6.mga5
lib64rpmsign3-4.12.0.1-20.6.mga5
python3-rpm-4.12.0.1-20.6.mga5
python-rpm-4.12.0.1-20.6.mga5
rpm-build-4.12.0.1-20.6.mga5
rpm-sign-4.12.0.1-20.6.mga5
rpm-4.12.0.1-20.6.mga5

From SRPMS:
rpm-4.12.0.1-20.6.mga5.src.rpm

CC: (none) => ngompa13

Removed patch flags patch

Suggested advisory:
===================

This update fixes two bugs in rpm:
* Fix sigsegv in stringFormat() (rhbz#1316903)
* Fix reading rpmtd behind its size in formatValue() (rhbz#1316896)

In addition, fixes to the %autosetup and %autopatch macros were backported from Cauldron to solve the following issues:
* %autopatch would not throw an error in the event a patch did not exist
* %autosetup would not always correctly process sources and patches
* %autopatch was not respecting the patch fuzz settings

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1316903
https://bugzilla.redhat.com/show_bug.cgi?id=1316896

Updated packages in core/updates_testing:
=================
lib64rpmbuild3-4.12.0.1-20.7.mga5
lib64rpm-devel-4.12.0.1-20.7.mga5
lib64rpmsign3-4.12.0.1-20.7.mga5
python3-rpm-4.12.0.1-20.7.mga5
python-rpm-4.12.0.1-20.7.mga5
rpm-build-4.12.0.1-20.7.mga5
rpm-sign-4.12.0.1-20.7.mga5
rpm-4.12.0.1-20.7.mga5

From SRPMS:
rpm-4.12.0.1-20.7.mga5.src.rpm

Grr... Incomplete advisory

Suggested advisory:
===================

This update fixes two bugs in rpm:
* Fix sigsegv in stringFormat() (rhbz#1316903)
* Fix reading rpmtd behind its size in formatValue() (rhbz#1316896)

In addition, fixes to the %autosetup and %autopatch macros were backported from Cauldron to solve the following issues:
* %autopatch would not throw an error in the event a patch did not exist
* %autosetup would not always correctly process sources and patches
* %autopatch was not respecting the patch fuzz settings

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1316903
https://bugzilla.redhat.com/show_bug.cgi?id=1316896

Updated packages in core/updates_testing:
=================
lib64rpmbuild3-4.12.0.1-20.7.mga5
lib64rpm-devel-4.12.0.1-20.7.mga5
lib64rpmsign3-4.12.0.1-20.7.mga5
librpmbuild3-4.12.0.1-20.7.mga5
librpm-devel-4.12.0.1-20.7.mga5
librpmsign3-4.12.0.1-20.7.mga5
python3-rpm-4.12.0.1-20.7.mga5
python-rpm-4.12.0.1-20.7.mga5
rpm-build-4.12.0.1-20.7.mga5
rpm-sign-4.12.0.1-20.7.mga5
rpm-4.12.0.1-20.7.mga5

From SRPMS:
rpm-4.12.0.1-20.7.mga5.src.rpm

It sounds like this is going to be best tested by packagers, have you done so Neal, Thierry? or David :)

I tested it and reported the issue that Neal just fixed. I'll test it again today once the latest build is available and I have a couple minutes.

Confirmed the autopatch works correctly now. rpm itself still functions too. The autopatch fixes shouldn't be arch-dependent, so a quick general rpm usage test on i586 should suffice for this.

Whiteboard: (none) => MGA5-64-OK

Confirmed on my end with i586 rpm.

Whiteboard: MGA5-64-OK => MGA5-64-OK MGA5-32-OK

Thanks. Validating then.

Keywords: (none) => validated_update

Advisory uploaded.

Whiteboard: MGA5-64-OK MGA5-32-OK => advisory MGA5-64-OK MGA5-32-OK

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGAA-2016-0069.html

Status: NEW => RESOLVED