Bug 22835

Summary:	slf4j new security issue CVE-2018-8088
Product:	Mageia	Reporter:	David Walser <luigiwalser>
Component:	Security	Assignee:	Java Stack Maintainers <java>
Status:	RESOLVED OLD	QA Contact:	Sec team <security>
Severity:	critical
Priority:	Normal	CC:	mhrambo3501, zombie_ryushu
Version:	6
Target Milestone:	---
Hardware:	All
OS:	Linux
Whiteboard:
Source RPM:	slf4j-1.7.22-1.mga6.src.rpm	CVE:
Status comment:	Patch available from Fedora and CentOS
Bug Depends on:
Bug Blocks:	22859

Description David Walser 2018-03-27 15:28:08 CEST

RedHat has issued an advisory on March 26:
https://access.redhat.com/errata/RHSA-2018:0592

Mageia 5 and Mageia 6 are also affected.

David Walser 2018-03-27 15:28:30 CEST

Whiteboard: (none) => MGA6TOO

Comment 1 David Walser 2018-03-31 22:30:59 CEST

Fedora has issued advisories for this on March 29 and 30:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6VGQ5JU7NURXRAXG5A2REZXKHTHATDBM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DFTLQRWUBHMVZKL3JVSK7NADGGSDIPMP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MYGF2Q4UCL7WNHRYZ47XIEMO7COSLKC4/

David Walser 2018-05-04 08:35:33 CEST

Status comment: (none) => Patch available from Fedora and CentOS

Comment 2 David Walser 2018-06-10 20:12:33 CEST

openSUSE has issued an advisory for this on June 9:
https://lists.opensuse.org/opensuse-updates/2018-06/msg00050.html

Comment 3 David Walser 2019-01-01 05:05:10 CET

slf4j-1.7.25-1.mga7 uploaded for Cauldron by David Geiger to fix this.

Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6

David Walser 2019-02-20 23:26:24 CET

Blocks: (none) => 22859

Comment 4 Mike Rambo 2019-11-06 13:23:15 CET

Mageia 6 is EOL.

Status: NEW => RESOLVED
CC: (none) => mrambo
Resolution: (none) => OLD

Comment 5 David Walser 2020-12-23 17:59:38 CET

*** Bug 27915 has been marked as a duplicate of this bug. ***

CC: (none) => zombie_ryushu