Bug 20700

Summary: fop new security issue CVE-2017-5661
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Nicolas Lécureuil <mageia>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: geiger.david68210
Version: 5   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://security-tracker.debian.org/tracker/CVE-2017-5661
Whiteboard:
Source RPM: fop-2.0-5.mga6.src.rpm CVE:
Status comment:

Description David Walser 2017-04-19 02:01:10 CEST 
Upstream has issued an advisory today (April 18):
http://openwall.com/lists/oss-security/2017/04/18/2

The issue is fixed in 2.2.

Mageia 5 is also affected.
David Walser 2017-04-19 02:01:23 CEST

CC: (none) => geiger.david68210
Whiteboard: (none) => MGA5TOO

Nicolas Lécureuil 2017-04-22 21:45:21 CEST

URL: (none) => https://security-tracker.debian.org/tracker/CVE-2017-5661

Comment 1 David Walser 2017-05-10 12:17:25 CEST 
Ubuntu has issued an advisory for this on May 9:
https://www.ubuntu.com/usn/usn-3281-1/
Comment 2 David Walser 2017-06-05 00:59:06 CEST 
Fixed for Cauldron in fop-2.0-7.mga6.

Whiteboard: MGA5TOO => (none)
Version: Cauldron => 5

Comment 3 David Walser 2017-12-27 05:02:15 CET 
We won't be fixing this type of package for Mageia 5.

Status: NEW => RESOLVED
Resolution: (none) => OLD