Bug 21470

Summary: swftools new security issue CVE-2017-8401
Product: Mageia Reporter: Rémi Verschelde <rverschelde>
Component: SecurityAssignee: Matteo Pasotti <matteo.pasotti>
Status: RESOLVED DUPLICATE QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: herman.viaene, luigiwalser, qa-bugs, security, sysadmin-bugs, tarazed25, wilcal.int
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA6TOO MGA5TOO
Source RPM: swftools-0.9.2-7.mga5.src.rpm CVE:
Status comment:

Description Rémi Verschelde 2017-08-08 08:13:34 CEST 
+++ This bug was initially created as a clone of Bug #20846 +++

openSUSE has issued an advisory on May 10:
https://lists.opensuse.org/opensuse-updates/2017-05/msg00034.html

CVE-2017-8400 was fixed in bug 20846 but CVE-2017-8401 is still unfixed upstream: https://github.com/matthiaskramm/swftools/issues/14
Rémi Verschelde 2017-08-08 08:14:14 CEST

Assignee: bugsquad => matteo.pasotti
Keywords: validated_update => (none)
Whiteboard: (none) => MGA6TOO MGA5TOO

Rémi Verschelde 2017-08-08 08:14:26 CEST

Depends on: 20846 => (none)

Comment 1 David Walser 2017-12-29 05:44:52 CET 
We included upstream's attempt to fix this in the previous update.

*** This bug has been marked as a duplicate of bug 20846 ***

Resolution: (none) => DUPLICATE
Status: NEW => RESOLVED