| Summary: | egroupware new security issue CVE-2017-14920 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | Nicolas Lécureuil <mageia> |
| Status: | RESOLVED INVALID | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | marja11, mhrambo3501 |
| Version: | 6 | | |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Source RPM: | egroupware-1.8.007.20140506-8.mga6.src.rpm | CVE: | |
| Status comment: | | | |

Description
David Walser
2017-09-29 21:26:06 CEST

David Walser
2017-09-29 21:26:16 CEST
Whiteboard: (none) => MGA6TOO, MGA5TOO

(In reply to David Walser from comment #0)
> A CVE has been assigned for a security issue fixed upstream in egroupware:
> http://openwall.com/lists/oss-security/2017/09/29/12
> http://openwall.com/lists/oss-security/2017/09/28/12
>
> The message above contains a link to the commit that fixed the issue, which
> was also fixed in the 16.1.20170922 release.
>
> Mageia 5 and Mageia 6 are also affected.
>
> This package has been unmaintained in Mageia for a few years and should
> probably be dropped in Cauldron.

Assigning to the registered maintainer.

Assignee: bugsquad => mageia

Upstream patch doesn't apply as-is. I won't be fixing this for Mageia 5. Package dropped from Cauldron. Leaving open for Mageia 6 just in case someone ever wants to update this.

Whiteboard: MGA6TOO, MGA5TOO => (none)

Upstream patch does not apply. Three of the four files being patched do not exist in 1.8.007.20140506, and while the fourth file is there, the patch does not apply. The changes in that fourth section reference a variable which does not appear anywhere else in the source tree. The patch, and perhaps this CVE, appears invalid for this version.

CC: (none) => mrambo
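
The triage described in the last comment (which of a patch's target files exist in an older source tree, and whether the lines its hunks expect are present there) can be scripted before attempting a backport. This is an added example, not part of the bug report or of upstream's fix; the file names and contents are constructed, and it checks line presence only, so `patch --dry-run` remains the authority on whether a hunk applies.

```python
import tempfile
from pathlib import Path

def patch_targets(patch_text):
    """Map each file a unified diff modifies to the lines its hunks expect to find."""
    lines, targets, current = patch_text.splitlines(), {}, None
    for line, nxt in zip(lines, lines[1:] + [""]):
        if line.startswith("--- ") and nxt.startswith("+++ "):
            old, new = (l[4:].split("\t")[0].strip() for l in (line, nxt))
            # Created/deleted files (/dev/null side) need no match; strip "b/" like -p1.
            current = None if "/dev/null" in (old, new) else new.split("/", 1)[-1]
            if current:
                targets[current] = []
        elif current and line[:1] in (" ", "-") and line[1:].strip():
            targets[current].append(line[1:])  # context or removed line
    return targets

def triage(patch_text, tree):
    """Return {path: 'missing' | 'context-mismatch' | 'plausible'} for an unpacked tree."""
    report = {}
    for path, expected in patch_targets(patch_text).items():
        target = Path(tree, path)
        if not target.is_file():
            report[path] = "missing"
            continue
        have = set(target.read_text(errors="replace").splitlines())
        ok = all(l in have for l in expected)  # presence only, not position
        report[path] = "plausible" if ok else "context-mismatch"
    return report

# Constructed sample: a two-file patch against an older tree holding one of the files.
SAMPLE_PATCH = """\
--- a/new/Module.php
+++ b/new/Module.php
@@ -1 +1 @@
-$limit = 10;
+$limit = 20;
--- a/legacy.php
+++ b/legacy.php
@@ -1,2 +1,2 @@
 <?php
-$renamed = 10;
+$renamed = 20;
"""

def demo():
    with tempfile.TemporaryDirectory() as tree:
        Path(tree, "legacy.php").write_text("<?php\n$old_name = 10;\n")
        return triage(SAMPLE_PATCH, tree)
```

A report made up only of `missing` and `context-mismatch` entries indicates the patched code paths are not present in that tree in the form the patch expects.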