Bug 23827

Summary: mkvtoolnix new security issue CVE-2018-4022
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: José Jorge <lists.jjorge>
Status: RESOLVED WONTFIX QA Contact: Sec team <security>
Severity: critical    
Priority: Normal    
Version: 6   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: mkvtoolnix-9.7.1-1.mga6.src.rpm CVE:
Status comment:

Description David Walser 2018-11-08 19:57:25 CET 
Fedora has issued an advisory today (November 8):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/E667ZUTXW46V6EUJTQQH5EQRFXF2EN4B/

The issue is fixed upstream in 28.2.0 (already in Cauldron).
Comment 1 David Walser 2018-11-20 23:22:02 CET 
openSUSE has issued an advisory for this today (November 20):
https://lists.opensuse.org/opensuse-updates/2018-11/msg00096.html

They also included libmatroska in the update.
Comment 2 José Jorge 2018-11-21 15:41:50 CET 
As the tool has changed a lot, I'd prefer not push the latest version to MGA6 as an update.
Comment 3 José Jorge 2019-08-02 15:12:51 CEST 
Closing

Resolution: (none) => WONTFIX
Status: NEW => RESOLVED