Bug 20699

Summary: batik new security issue CVE-2017-5662
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Nicolas Lécureuil <mageia>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: geiger.david68210
Version: 5   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://security-tracker.debian.org/tracker/CVE-2017-5662
Whiteboard:
Source RPM: batik-1.8-8.mga6.src.rpm CVE: CVE-2017-5662
Status comment:

Description David Walser 2017-04-19 01:59:36 CEST 
Upstream has issued an advisory today (April 18):
http://openwall.com/lists/oss-security/2017/04/18/1

The issue is fixed in 1.9.

Mageia 5 is also affected.
David Walser 2017-04-19 01:59:47 CEST

Whiteboard: (none) => MGA5TOO
CC: (none) => geiger.david68210

Nicolas Lécureuil 2017-04-22 21:44:13 CEST

URL: (none) => https://security-tracker.debian.org/tracker/CVE-2017-5662
CVE: (none) => CVE-2017-5662

Comment 1 David Walser 2017-05-10 04:26:59 CEST 
Fedora has issued an advisory for this today (May 9):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KPDLOK2DRJD3FVKIONDRJWLQNFR4MNWA/
Comment 2 Nicolas Lécureuil 2017-05-14 22:52:45 CEST 
Fixed in cauldron

Whiteboard: MGA5TOO => (none)
Version: Cauldron => 5

Comment 3 David Walser 2017-12-27 05:02:05 CET 
We won't be fixing this type of package for Mageia 5.

Status: NEW => RESOLVED
Resolution: (none) => OLD