Bug 27665

Summary: rclone new security issue CVE-2020-28924
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Joseph Wang <joequant>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal Keywords: Triaged
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: rclone-1.52.2-1.mga8.src.rpm CVE:
Status comment:

Description David Walser 2020-11-24 22:25:35 CET 
openSUSE has issued an advisory today (November 24):
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7U7GCOTNOZAWDNUDHOMKJOI2QXP3XJCD/

The issue is fixed upstream in 1.52.3.
Comment 1 Aurelien Oudelet 2020-11-25 18:26:22 CET 
Hi, thanks for reporting this bug.
Assigned to the package maintainer.

(Please set the status to 'assigned' if you are working on it)

Assignee: bugsquad => joequant
Keywords: (none) => Triaged

Joseph Wang 2020-11-26 05:57:39 CET

Status: NEW => ASSIGNED

Comment 2 Joseph Wang 2020-11-26 10:48:35 CET 
updated in cauldron
Comment 3 David Walser 2020-11-26 15:29:41 CET 
rclone-1.52.3-1.mga8 uploaded for Cauldron.

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Comment 4 David Walser 2020-12-06 02:02:08 CET 
Upstream advisory:
https://github.com/rclone/rclone/issues/4783

It's actually 1.53.3 that fixes the issue, so we're not done with this.

Status: RESOLVED => REOPENED
Resolution: FIXED => (none)

Comment 5 David Walser 2020-12-07 15:32:46 CET 
Fixed now in rclone-1.53.3-1.mga8.

Resolution: (none) => FIXED
Status: REOPENED => RESOLVED