Bug 25875

Summary: jruby new security issues CVE-2017-17742, CVE-2019-832[0-5], CVE-2019-16201, CVE-2019-16254, CVE-2019-16255
Product: Mageia Reporter: David Walser <luigiwalser>
Component: Security Assignee: David GEIGER <geiger.david68210>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal    
Version: 7   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: jruby-1.7.22-8.mga8.src.rpm CVE:
Status comment:
Bug Depends on: 27402    
Bug Blocks:    

Description David Walser 2019-12-14 19:00:45 CET
Debian-LTS has issued an advisory on December 10:
https://www.debian.org/lts/security/2019/dla-2027

Mageia 7 is also affected.

David Walser 2019-12-14 19:00:56 CET

Whiteboard: (none) => MGA7TOO

Comment 1 Lewis Smith 2019-12-14 20:39:26 CET
This SRPM has no registered maintainer. Assigning to DavidG as the most recent active committer.

Assignee: bugsquad => geiger.david68210

Comment 2 David Walser 2020-08-21 20:48:16 CEST
Debian-LTS has issued an advisory on August 16:
https://www.debian.org/lts/security/2020/dla-2330

It fixes the previously mentioned CVEs and some new ones.

Summary: jruby new security issues CVE-2017-17742, CVE-2019-16201, CVE-2019-16254, CVE-2019-16255 => jruby new security issues CVE-2017-17742, CVE-2019-832[0-5], CVE-2019-16201, CVE-2019-16254, CVE-2019-16255

David Walser 2020-10-16 17:43:49 CEST

Depends on: (none) => 27402

Comment 3 David Walser 2020-10-16 17:44:25 CEST
Package (mercifully) dropped from Cauldron.

Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)

Comment 4 David Walser 2020-11-27 21:37:55 CET
Fixed in:
https://advisories.mageia.org/MGASA-2020-0440.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED