Bug 22906

Summary: nghttp2 new security issue CVE-2018-1000168
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: All Packagers <pkg-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: guillomovitch, marja11, oe, pterjan, smelror
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: nghttp2-1.25.0-1.mga7.src.rpm CVE:
Status comment:

Description David Walser 2018-04-14 03:37:52 CEST 
An advisory has been issued today (April 13):
http://openwall.com/lists/oss-security/2018/04/12/4

The issue was fixed upstream in 1.31.1.

Mageia 6 is not affected.
Comment 1 Marja Van Waes 2018-04-14 07:10:23 CEST 
Assigning to all packagers collectively, since the registered maintainer for this package seems still unavailable.

CC'ing the maintainer and the last two pushers of the package.

Assignee: bugsquad => pkg-bugs
CC: (none) => guillomovitch, marja11, pterjan

Marja Van Waes 2018-04-14 08:32:19 CEST

CC: (none) => oe

Comment 2 Stig-Ørjan Smelror 2018-04-18 19:52:49 CEST 
nghttp2 1.31.1 has been pushed to Cauldron.

Had to disable the tests as they kept failing in iurt, but always ran successfully when build locally.

Cheers,
Stig

CC: (none) => smelror

Comment 3 David Walser 2018-04-19 13:31:51 CEST 
Fixed in nghttp2-1.31.1-1.mga7.

Resolution: (none) => FIXED
Status: NEW => RESOLVED