Bug 20692

Summary: backintime new security issue CVE-2017-7572
Product: Mageia Reporter: David Walser <luigiwalser>
Component: Security Assignee: David GEIGER <geiger.david68210>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: mageia
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: backintime-1.1.12-3.mga6.src.rpm CVE:
Status comment:

Description David Walser 2017-04-17 22:22:17 CEST
Fedora has issued an advisory today (April 17):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Z4KPDOHYXXLZC3SBQSGCQE5AOZCRTP6P/

The issue is fixed in 1.1.20.  The upstream commit to fix it is linked from:
https://bugzilla.redhat.com/show_bug.cgi?id=1441584

Mageia 5 is also affected.
David Walser 2017-04-17 22:22:25 CEST

Whiteboard: (none) => MGA5TOO

David Walser 2017-04-17 22:39:56 CEST

QA Contact: (none) => security
Component: RPM Packages => Security

Nicolas Lécureuil 2017-04-22 22:15:29 CEST

Whiteboard: MGA5TOO => (none)
CC: (none) => mageia

Comment 1 Nicolas Lécureuil 2017-04-22 22:18:19 CEST
Fixed in cauldron, and mga5 is not affected.

Resolution: (none) => FIXED
Status: NEW => RESOLVED