Bug 20229

Summary: ntfs-3g new security issue CVE-2017-0358
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Base system maintainers <basesystem>
Status: RESOLVED INVALID QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: marja11, pkg-bugs
Version: 5   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://lwn.net/Vulnerabilities/713420/
Whiteboard:
Source RPM: ntfs-3g-2016.2.22-3.mga6.src.rpm CVE:
Status comment:

Description David Walser 2017-02-01 12:32:21 CET 
A security issue in ntfs-3g has been announced:
http://openwall.com/lists/oss-security/2017/02/01/8

The patch to fix the issue is included in the message above.

Mageia 5 is also affected.
David Walser 2017-02-01 12:32:36 CET

Whiteboard: (none) => MGA5TOO

Comment 1 Marja Van Waes 2017-02-01 15:25:03 CET 
Assigning to the Base system maintainers, but CC'ing all packagers collectively, because there's only one registered member of the Base system group
https://wiki.mageia.org/en/Maintainer_groups#List_of_groups

CC: (none) => marja11, pkg-bugs
Assignee: bugsquad => basesystem

Comment 2 David Walser 2017-02-02 01:00:41 CET 
It's not installed setuid root in Mageia, so this is INVALID.

Status: NEW => RESOLVED
Resolution: (none) => INVALID

Comment 3 David Walser 2017-02-03 00:12:06 CET 
Patch added in Cauldron to benefit anyone who might add the SUID bit themselves.

URL: (none) => https://lwn.net/Vulnerabilities/713420/
Version: Cauldron => 5
Whiteboard: MGA5TOO => (none)