Bug 22069

Summary: perl-XML-LibXML new security issue CVE-2017-10672
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Shlomi Fish <shlomif>
Status: RESOLVED DUPLICATE QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: marja11
Version: 6   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA5TOO
Source RPM: perl-XML-LibXML CVE:
Status comment:

Description David Walser 2017-11-22 19:41:25 CET 
Debian has issued an advisory on November 19:
https://www.debian.org/security/2017/dsa-4042

Mageia 5 and Mageia 6 are also affected.
Comment 1 Marja Van Waes 2017-11-22 20:55:58 CET 
Assigning to the registered maintainer.

Whiteboard: (none) => MGA6TOO, MGA5TOO
CC: (none) => marja11
Assignee: bugsquad => shlomif

Shlomi Fish 2017-11-22 22:28:42 CET

Source RPM: perl-libxml-perl-0.80.0-8.mga6.src.rpm => perl-XML-LibXML
Summary: perl-libxml-perl new security issue CVE-2017-10672 => perl-XML-LibXML new security issue CVE-2017-10672

Comment 2 Shlomi Fish 2017-11-22 22:30:12 CET 
The correct package in mageia is perl-XML-LibXML and I am its upstream maintainer.
Comment 3 Shlomi Fish 2017-11-22 22:41:09 CET 
The version in cauldron already includes the fix.

Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO
Version: Cauldron => 6

Comment 4 Shlomi Fish 2017-11-22 22:47:27 CET 
seems like a duplicate of https://bugs.mageia.org/show_bug.cgi?id=21332 .

*** This bug has been marked as a duplicate of bug 21332 ***

Resolution: (none) => DUPLICATE
Status: NEW => RESOLVED

Comment 5 David Walser 2017-11-22 23:43:06 CET 
Ahh yes, good catch.  Debian's naming of their perl packages is horribly unhelpful.