Bug 23129

Summary: guava new security issue CVE-2018-10237
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Java Stack Maintainers <java>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: mhrambo3501
Version: 6   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: guava-18.0-9.mga6.src.rpm CVE:
Status comment: Patch available from Fedora

Description David Walser 2018-06-07 19:19:31 CEST 
Fedora has issued an advisory on May 14:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ANZI3CZ5L2Y6MKOOLTLDX77CGUZ6NF64/

The issue is fixed upstream in 24.1.1 and 25.0 and Fedora has a patch.

I see the Java team was already aware of this and didn't file a bug.  Please file bugs when you become aware of security issues!

Mageia 5 is also affected (but doesn't need to be fixed).
David Walser 2018-06-07 19:20:33 CEST

Status comment: (none) => Patch available from Fedora

Comment 1 Mike Rambo 2019-11-06 13:28:31 CET 
Mageia 6 is EOL.

Resolution: (none) => OLD
CC: (none) => mrambo
Status: NEW => RESOLVED