Bug 19842

Summary: testdisk new buffer overflow security issue
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: Sander Lepik <mageia>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: normal
Priority: Normal
CC: mageia
Version: Cauldron
Target Milestone: ---
Hardware: All
OS: Linux
URL: https://lwn.net/Vulnerabilities/707214/
Whiteboard: MGA5TOO
Source RPM: testdisk-7.0-4.mga6.src.rpm
CVE:
Status comment:

Description David Walser 2016-11-25 19:01:47 CET
Gentoo has issued an advisory on November 22:
https://security.gentoo.org/glsa/201611-20

Mageia 5 is also affected.

David Walser 2016-11-25 19:02:12 CET

Whiteboard: (none) => MGA5TOO

Comment 1 Sander Lepik 2016-11-26 12:15:45 CET
Are you really sure that we are affected?

http://www.cgsecurity.org/wiki/TestDisk_7.0_Release already lists the pdf mentioned in Gentoo's bugzilla. I don't see any new releases after that. AFAIK we already upgraded mga5 to version 7 to fix that issue.

See this bug: https://bugs.mageia.org/show_bug.cgi?id=15888

Comment 2 Nicolas Lécureuil 2016-11-26 14:51:16 CET
I confirm that for me cauldron and mga5 are fixed.

Please reopen if we are wrong.

Status: NEW => RESOLVED
CC: (none) => mageia
Resolution: (none) => FIXED