Bug 21092

Summary: libgcrypt new security issue CVE-2017-9526
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: All Packagers <pkg-bugs>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: normal
Priority: Normal
CC: marja11
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: libgcrypt-1.7.6-1.mga6.src.rpm
CVE:
Status comment:

Description David Walser 2017-06-15 01:55:45 CEST
Debian has issued an advisory today (June 14):
https://www.debian.org/security/2017/dsa-3880

The issue was fixed upstream in 1.7.7:
https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000406.html

I haven't read anything yet that indicates that 1.5.x is affected, but I'm filing this bug, which I can re-open later if anything comes to light. Otherwise it will document that I already fixed this in Cauldron.

Comment 1 David Walser 2017-06-15 01:56:00 CEST
Fixed in libgcrypt-1.7.7-1.mga6.

Resolution: (none) => FIXED
Status: NEW => RESOLVED

David Walser 2017-07-07 04:21:30 CEST

Depends on: (none) => 21178

Comment 2 David Walser 2017-07-07 04:21:59 CEST
Re-opening for Mageia 5.

Version: Cauldron => 5
Resolution: FIXED => (none)
Status: RESOLVED => REOPENED

Comment 3 Marja Van Waes 2017-07-07 13:45:59 CEST
Assigning to all packagers collectively, since there is no registered maintainer for this package.

Assignee: bugsquad => pkg-bugs
CC: (none) => marja11

Marja Van Waes 2017-07-07 13:47:02 CEST

QA Contact: (none) => security
Component: RPM Packages => Security

Comment 4 David Walser 2017-07-08 20:09:28 CEST
Upon further examination of the Ubuntu advisory, this one doesn't affect Mageia 5.

Version: 5 => Cauldron
Status: REOPENED => RESOLVED
Depends on: 21178 => (none)
Resolution: (none) => FIXED