Bug 23879

Summary: libconfuse new security issue CVE-2018-14447
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Jack M <jackal.j>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: geiger.david68210, mhrambo3501
Version: 6   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: libconfuse-3.2.1-4.mga7.src.rpm CVE:
Status comment:

Description David Walser 2018-11-22 03:40:25 CET 
Fedora has issued an advisory tomorrow (November 22):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UQNPFOHU42XZSP322DZUSQCPRCWDEXSO/

The issue is fixed upstream in 3.2.2.

Mageia 6 is also affected.
David Walser 2018-11-22 03:40:32 CET

Whiteboard: (none) => MGA6TOO

Comment 1 David GEIGER 2018-11-22 07:08:21 CET 
Assigning to the registered maintainer.

CC: (none) => geiger.david68210
Assignee: bugsquad => jackal.j

Comment 2 David Walser 2018-11-22 18:54:53 CET 
libconfuse-3.2.2-1.mga7 uploaded for Cauldron by David.

Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6

Comment 3 Mike Rambo 2019-11-06 13:46:24 CET 
Mageia 6 is EOL.

Resolution: (none) => OLD
CC: (none) => mrambo
Status: NEW => RESOLVED