Bug 24562

Summary: ntfs-3g new security issue CVE-2019-9755
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: All Packagers <pkg-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: geiger.david68210, lists.jjorge, marja11
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: ntfs-3g-2017.3.23-6.mga7.src.rpm CVE:
Status comment:

Description David Walser 2019-03-25 22:11:57 CET 
Debian has issued an advisory on March 21:
https://www.debian.org/security/2019/dsa-4413

Mageia 6 is also affected.
David Walser 2019-03-25 22:12:02 CET

Whiteboard: (none) => MGA6TOO

Comment 1 David Walser 2019-03-25 22:15:30 CET 
It's not installed setuid root in Mageia, so this is INVALID.

We should add the patch in Cauldron just in case someone setuid's it themself.

Ubuntu has also issued an advisory for this:
https://usn.ubuntu.com/3914-1/

Whiteboard: MGA6TOO => (none)

Comment 2 Marja Van Waes 2019-03-26 08:39:22 CET 
(In reply to David Walser from comment #1)
> It's not installed setuid root in Mageia, so this is INVALID.
> 
> We should add the patch in Cauldron just in case someone setuid's it
> themself.

Assigning to all packagers collectively, since mr. Nobody owns this package. Also CC'ing two committers.
> 
> Ubuntu has also issued an advisory for this:
> https://usn.ubuntu.com/3914-1/

Assignee: bugsquad => pkg-bugs
CC: (none) => geiger.david68210, lists.jjorge, marja11

Comment 3 David GEIGER 2019-03-26 09:20:43 CET 
Fixed for Cauldron!
Comment 4 Marja Van Waes 2019-03-26 10:28:26 CET 
(In reply to David GEIGER from comment #3)
> Fixed for Cauldron!

Thanks, closing then :-)

Status: NEW => RESOLVED
Resolution: (none) => FIXED