Bug 20661

Summary: slrn new security issue CVE-2014-3566
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Remco Rijnders <remco>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: mageia, marja11
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: slrn-1.0.1-6.mga6.src.rpm CVE: CVE-2014-3566
Status comment:

Description David Walser 2017-04-14 21:52:19 CEST 
openSUSE has issued an advisory on April 11:
https://lists.opensuse.org/opensuse-updates/2017-04/msg00040.html

This is another POODLE issue.  SSLv3 needs to be disabled.
Comment 1 Marja Van Waes 2017-04-15 09:50:17 CEST 
Assigning to the registered maintainer.

Assignee: bugsquad => remco
CC: (none) => marja11

Nicolas Lécureuil 2017-04-22 22:22:28 CEST

CC: (none) => mageia
CVE: (none) => CVE-2014-3566

Comment 2 Nicolas Lécureuil 2017-04-22 22:34:12 CEST 
fixed in cauldron

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 3 Remco Rijnders 2017-07-24 13:39:40 CEST 
Many thanks for fixing this Nicolas. We should also release an update for Mageia 5 for this.

Status: RESOLVED => REOPENED
Resolution: FIXED => (none)

Comment 4 David Walser 2017-07-24 13:48:50 CEST 
We could make an update for Mageia 5 for this, but these kinds of issues by themselves aren't really worth pushing updates for.  The important thing was to fix it for Mageia 6.  I suggest just checking the fix into Mageia 5 SVN and it will go out if we have any other reason to update it.  If you really want to push an update just for this, please set the version to 5.

Status: REOPENED => RESOLVED
Resolution: (none) => FIXED