Bug 20502

Summary:	tcpreplay new security issue CVE-2017-6429
Product:	Mageia	Reporter:	David Walser <luigiwalser>
Component:	Security	Assignee:	All Packagers <pkg-bugs>
Status:	RESOLVED FIXED	QA Contact:	Sec team <security>
Severity:	normal
Priority:	Normal	CC:	marja11, nicolas.salguero
Version:	Cauldron
Target Milestone:	---
Hardware:	All
OS:	Linux
Whiteboard:
Source RPM:	tcpreplay-4.1.0-2.mga6.src.rpm	CVE:
Status comment:

Description David Walser 2017-03-16 14:26:34 CET

Fedora has issued an advisory on March 15:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/26CZOIWYUHRBEAFQIK5YC53IMMYT7A4P/

Fedora added this patch:
http://pkgs.fedoraproject.org/cgit/rpms/tcpreplay.git/tree/tcpreplay-4.1.2-CVE-2017-6429.patch?h=f24&id=8abdbff7701f5df05dba62a6519d184f9b76a653

Comment 1 Marja Van Waes 2017-03-16 23:18:20 CET

Assigning to all packagers collectively, since there is no registered maintainer for this package.

CC: (none) => marja11
Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Salguero 2017-03-21 15:13:58 CET

tcpreplay-4.1.0-3.mga6 contains the patch indicated in comment 0.  As CVE-2017-6429 only affects Cauldron, I think I can close the bug report without asking for QA Team intervention.

Status: NEW => RESOLVED
CC: (none) => nicolas.salguero
Resolution: (none) => FIXED