Bug 20122

Summary: rabbitmq-server new security issue CVE-2016-9877
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Nicolas Lécureuil <mageia>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://lwn.net/Vulnerabilities/711583/
Whiteboard:
Source RPM: rabbitmq-server-3.6.2-4.mga6.src.rpm CVE:
Status comment:

Description David Walser 2017-01-15 00:11:56 CET 
Debian has issued an advisory on January 13:
https://www.debian.org/security/2017/dsa-3761

The issue is fixed upstream in 3.6.6.
Comment 1 David Walser 2017-03-20 10:56:53 CET 
Fedora has issued an advisory for this on March 19:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FUIFBLEJTOUQXJ2PKWMACABFWNZFPUT5/
Comment 2 Nicolas Lécureuil 2017-05-16 00:08:02 CEST 
Fixed in cauldron

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 3 David Walser 2017-05-16 15:00:37 CEST 
Upload rejected:
http://pkgsubmit.mageia.org/uploads/rejected/cauldron/core/release/20170515220756.neoclust.duvel.22962.youri

The package should be changed to use /run/rabbitmq and a tmpfiles snippet needs to be made to create it.

Status: RESOLVED => REOPENED
Resolution: FIXED => (none)

Comment 4 David Walser 2017-05-16 16:56:36 CEST 
Now fixed in rabbitmq-server-3.6.9-1.mga6 by Nicolas.

Status: REOPENED => RESOLVED
Resolution: (none) => FIXED