Bug 24749

Summary: ed new security issue CVE-2017-5357
Product: Mageia Reporter: David Walser <luigiwalser>
Component: Security Assignee: All Packagers <pkg-bugs>
Status: RESOLVED INVALID QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: marja11, mhrambo3501, smelror
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA6TOO
Source RPM: ed-1.15-1.mga7.src.rpm CVE:
Status comment:

Description David Walser 2019-05-03 20:32:55 CEST
SUSE has issued an advisory on April 1:
http://lists.suse.com/pipermail/sle-security-updates/2019-April/005279.html

Mageia 6 is also affected.
David Walser 2019-05-03 20:33:01 CEST

Whiteboard: (none) => MGA6TOO

Comment 1 Marja Van Waes 2019-05-03 21:10:17 CEST
Assigning to all packagers collectively, since there is no registered maintainer for this package.
Also CC'ing two submitters.

CC: (none) => marja11, mrambo, smelror
Assignee: bugsquad => pkg-bugs

Comment 2 Mike Rambo 2019-05-04 15:57:27 CEST
Neither cauldron nor Mageia 6 is vulnerable to this bug. The initial bug report and response are here.

https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00001.html

The description of the solution above matches the proposed patch from SUSE here.

https://bugzilla.suse.com/show_bug.cgi?id=1019807

The fixed release is announced here and is 1.14.1.

https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00002.html

As cauldron is 1.15 and Mageia 6 is 1.14.2 (and moreover a check of regex.c in both tarballs shows the line removed in the proposed patch is already gone), this bug is invalid.

Resolution: (none) => INVALID
Status: NEW => RESOLVED