Bug 22954

Summary: tika new security issues CVE-2018-133[589], CVE-2018-8017, CVE-2018-1176[12], CVE-2018-11796, CVE-2018-17197, CVE-2019-10088, CVE-2019-10094, CVE-2020-195[01], CVE-2021-28657
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Java Stack Maintainers <java>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: mageia, zombie_ryushu
Version: 7   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: tika-1.17-1.mga7.src.rpm CVE:
Status comment: Fixed upstream in 1.26
Bug Depends on:    
Bug Blocks: 18557    

Description David Walser 2018-04-26 13:53:16 CEST 
Upstream has issued advisories on April 25:
http://openwall.com/lists/oss-security/2018/04/25/6
http://openwall.com/lists/oss-security/2018/04/25/7
http://openwall.com/lists/oss-security/2018/04/25/8

The issues are fixed upstream in 1.18.

Mageia 5 and Mageia 6 are also affected.
David Walser 2018-04-26 13:53:27 CEST

Whiteboard: (none) => MGA6TOO

David Walser 2018-05-04 08:27:05 CEST

Status comment: (none) => Fixed upstream in 1.18

Comment 1 David Walser 2018-09-19 23:20:11 CEST 
Upstream has issued advisories today (September 19):
https://www.openwall.com/lists/oss-security/2018/09/19/4
https://www.openwall.com/lists/oss-security/2018/09/19/5
https://www.openwall.com/lists/oss-security/2018/09/19/6

The issues are fixed upstream in 1.19.

Summary: tika new security issues CVE-2018-133[589] => tika new security issues CVE-2018-133[589], CVE-2018-8017, CVE-2018-1176[12]
Status comment: Fixed upstream in 1.18 => Fixed upstream in 1.19
Blocks: (none) => 18557

Comment 2 David Walser 2018-10-10 16:34:33 CEST 
Upstream has issued an advisory on October 9:
https://www.openwall.com/lists/oss-security/2018/10/09/7

The issue is fixed upstream in 1.19.1.

Summary: tika new security issues CVE-2018-133[589], CVE-2018-8017, CVE-2018-1176[12] => tika new security issues CVE-2018-133[589], CVE-2018-8017, CVE-2018-1176[12], CVE-2018-11796
Status comment: Fixed upstream in 1.19 => Fixed upstream in 1.19.1

Comment 3 David Walser 2018-12-23 00:20:21 CET 
Upstream has issued an advisory today (December 22):
https://www.openwall.com/lists/oss-security/2018/12/22/2

The issue is fixed upstream in 1.20.

Source RPM: tika-1.12-1.mga6.src.rpm => tika-1.17-1.mga7.src.rpm
Status comment: Fixed upstream in 1.19.1 => Fixed upstream in 1.20
Summary: tika new security issues CVE-2018-133[589], CVE-2018-8017, CVE-2018-1176[12], CVE-2018-11796 => tika new security issues CVE-2018-133[589], CVE-2018-8017, CVE-2018-1176[12], CVE-2018-11796, CVE-2018-17197

David Walser 2019-06-23 19:29:59 CEST

Whiteboard: MGA6TOO => MGA7TOO, MGA6TOO

Comment 4 David Walser 2019-08-06 12:51:59 CEST 
Upstream has issued advisories on August 2:
https://www.openwall.com/lists/oss-security/2019/08/02/2
https://www.openwall.com/lists/oss-security/2019/08/02/4

The issues are fixed upstream in 1.22.

Status comment: Fixed upstream in 1.20 => Fixed upstream in 1.22
Summary: tika new security issues CVE-2018-133[589], CVE-2018-8017, CVE-2018-1176[12], CVE-2018-11796, CVE-2018-17197 => tika new security issues CVE-2018-133[589], CVE-2018-8017, CVE-2018-1176[12], CVE-2018-11796, CVE-2018-17197, CVE-2019-10088, CVE-2019-10094

Comment 5 David Walser 2020-03-18 23:26:22 CET 
Upstream has issued advisories today (March 18):
https://www.openwall.com/lists/oss-security/2020/03/18/3
https://www.openwall.com/lists/oss-security/2020/03/18/4

The issues are fixed upstream in 1.24.

Status comment: Fixed upstream in 1.22 => Fixed upstream in 1.24

Comment 6 David Walser 2020-03-31 22:31:12 CEST 
(In reply to David Walser from comment #5)
> Upstream has issued advisories today (March 18):
> https://www.openwall.com/lists/oss-security/2020/03/18/3
> https://www.openwall.com/lists/oss-security/2020/03/18/4
> 
> The issues are fixed upstream in 1.24.

Debian-LTS has issued an advisory for this on March 28:
https://www.debian.org/lts/security/2020/dla-2161

Summary: tika new security issues CVE-2018-133[589], CVE-2018-8017, CVE-2018-1176[12], CVE-2018-11796, CVE-2018-17197, CVE-2019-10088, CVE-2019-10094 => tika new security issues CVE-2018-133[589], CVE-2018-8017, CVE-2018-1176[12], CVE-2018-11796, CVE-2018-17197, CVE-2019-195[01], CVE-2019-10088, CVE-2019-10094

Nicolas Lécureuil 2020-05-22 14:06:51 CEST

CC: (none) => mageia
Whiteboard: MGA7TOO, MGA6TOO => MGA7TOO

Comment 7 David Walser 2020-10-13 18:35:14 CEST 
Ubuntu has issued an advisory for this on October 5:
https://ubuntu.com/security/notices/USN-4564-1

Summary: tika new security issues CVE-2018-133[589], CVE-2018-8017, CVE-2018-1176[12], CVE-2018-11796, CVE-2018-17197, CVE-2019-195[01], CVE-2019-10088, CVE-2019-10094 => tika new security issues CVE-2018-133[589], CVE-2018-8017, CVE-2018-1176[12], CVE-2018-11796, CVE-2018-17197, CVE-2019-10088, CVE-2019-10094, CVE-2020-195[01]

Comment 8 Nicolas Lécureuil 2020-12-26 23:25:26 CET 
not in cauldron anymore

Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7

Comment 9 David Walser 2021-01-13 17:46:52 CET 
*** Bug 28082 has been marked as a duplicate of this bug. ***

CC: (none) => zombie_ryushu

Comment 10 David Walser 2021-03-30 23:34:41 CEST 
Apache has issued an advisory today (March 30):
https://www.openwall.com/lists/oss-security/2021/03/30/3

The issue is fixed upstream in 1.26.

Summary: tika new security issues CVE-2018-133[589], CVE-2018-8017, CVE-2018-1176[12], CVE-2018-11796, CVE-2018-17197, CVE-2019-10088, CVE-2019-10094, CVE-2020-195[01] => tika new security issues CVE-2018-133[589], CVE-2018-8017, CVE-2018-1176[12], CVE-2018-11796, CVE-2018-17197, CVE-2019-10088, CVE-2019-10094, CVE-2020-195[01], CVE-2021-28657
Status comment: Fixed upstream in 1.24 => Fixed upstream in 1.26

Comment 11 David Walser 2021-07-01 18:15:42 CEST 
https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/

Resolution: (none) => OLD
Status: NEW => RESOLVED