| Summary: | Update request: sympa-6.2.42-1.1.mga7 (fixes CVE-2020-9369) | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Thomas Backlund <tmb> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, herman.viaene, sysadmin-bugs |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | sympa-6.2.42-1.mga7.src.rpm | CVE: | |
| Status comment: | |||
|
Description
Thomas Backlund
2020-03-06 13:30:48 CET
Thomas Backlund
2020-03-06 17:13:43 CET
Keywords:
(none) =>
advisory MGA7-64 Plasma on Lenovo B50 No installation issues Ref to bugs 15097 and 6772 for config. Run /usr/sbin/sympa_wizard.pl Accepting defaults except for passwords for mysql, no errors given After that, checked phpmyadmin, seeing nothing like sympa. Pointed firefox to http://localhost/sympa/, seeing there the name I gave during the wizard, but none of the links work (error 404) and the login link doesn't do anything at all. And yes, mod_fcgid is installed. CC:
(none) =>
herman.viaene Fedora has issued an advisory for this on March 12: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XO4WJYNNHWM7DUKCN4EWYYYPXZSOI7BQ/ The issue is fixed upstream in 6.2.54 (and patched by us obviously). Source RPM:
sympa =>
sympa-6.2.42-1.mga7.src.rpm Referring to Bug 23536, I see that the last update to sympa sat around for months before I finally validated it based on Herman's clean install. We have the same situation now, but I see no reason to wait so long this time. Giving this a 64-bit OK based once again on Herman's effort, and validating. Keywords:
(none) =>
validated_update An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0146.html Resolution:
(none) =>
FIXED |