| Summary: | transmission new security issue CVE-2018-10756 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | CheeseEBoi, andrewsfarm, davidwhodgins, geiger.david68210, mageia, shlomif, sysadmin-bugs |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | transmission-2.94-6.mga8.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2020-05-21 00:36:49 CEST
David Walser
2020-05-21 00:37:09 CEST
Whiteboard:
(none) =>
MGA7TOO Done for both Cauldron and mga7! Advisory: ======================== Updated transmission packages fix security vulnerability: Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file (CVE-2018-10756). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10756 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OVAG2HNKNRLWOACFN5F2ANJD2SQ53WI7/ ======================== Updated packages in core/updates_testing: ======================== transmission-common-2.94-4.1.mga7 transmission-cli-2.94-4.1.mga7 transmission-gtk3-2.94-4.1.mga7 transmission-qt5-2.94-4.1.mga7 transmission-daemon-2.94-4.1.mga7 from transmission-2.94-4.1.mga7.src.rpm Status comment:
Patch available from Fedora =>
(none) CheeseEBoi reports that the update worked for him on mageia 7 x64: <CheeseEBoi> rindolf: hey so I'm trying to see about doing some QA for the rcent transmission updates but I don't have access to the whiteboard of the bug. Am I missing something here? <rindolf> CheeseEBoi: hi <rindolf> CheeseEBoi: it may require bugzilla privileges <CheeseEBoi> rindolf: yeah that's what I thought <CheeseEBoi> rindolf: but it is still a requirement for graduation, so how do I get them? <rindolf> CheeseEBoi: we can do it for you <CheeseEBoi> rindolf: oh okay. So what should I do for that? To give some info, the update installed correctly and I did a test torrent and everything seemed fine. <rindolf> CheeseEBoi: ah <rindolf> CheeseEBoi: what is the bug url? <CheeseEBoi> rindolf: https://bugs.mageia.org/show_bug.cgi?id=26656 <CheeseEBoi> rindolf: I can comment all that info too, I guess <CheeseEBoi> rindolf: but I cannot add MGA7-64-OK to the whiteboard CC:
(none) =>
shlomif
Elliot L
2020-05-21 15:40:44 CEST
CC:
(none) =>
CheeseEBoi Validating. Advisory in Comment 2. CheesEBoi, we'll see if we can get you those editing privileges. QA needs all the help we can get! Keywords:
(none) =>
validated_update Editing privileges granted for Elliot. Thanks for helping out. CC:
(none) =>
davidwhodgins Thank you both!
Nicolas Lécureuil
2020-05-27 11:15:51 CEST
CC:
(none) =>
mageia An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0235.html Resolution:
(none) =>
FIXED |