Bug 20274

Summary: mcabber new security issue CVE-2017-5604
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Mike Rambo <mhrambo3501>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: mcabber-1.0.4-1.mga6.src.rpm CVE:
Status comment:

Description David Walser 2017-02-12 17:25:28 CET 
A security issue in mcabber has been announced on February 9:
http://openwall.com/lists/oss-security/2017/02/09/29

It sounds like the version in Mageia 5 is not affected.

The issue is fixed upstream in 1.0.5 and the commit that fixed it is linked in the message above.
Comment 1 Mike Rambo 2017-02-13 19:56:45 CET 
Updated to version 1.0.5 which fixed CVE-2017-5589 according to upstream. Also added the linked patch (which was not already applied to 1.0.5) which fixes CVE-2017-5604. Freeze push requested. Package built.

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 2 David Walser 2017-02-21 11:56:53 CET 
LWN reference for CVE-2017-5589:
https://lwn.net/Vulnerabilities/714423/