Bug 27849

Summary: xstream new security issue CVE-2020-26217
Product: Mageia Reporter: David Walser <luigiwalser>
Component: Security Assignee: Java Stack Maintainers <java>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: mageia, zombie_ryushu
Version: 7   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: xstream-1.4.12-1.mga8.src.rpm CVE:
Status comment: Fixed upstream in 1.4.14, patch available from Debian
Bug Depends on: 27980    
Bug Blocks:    

Description David Walser 2020-12-16 15:34:21 CET
Debian has issued an advisory on December 15:
https://www.debian.org/security/2020/dsa-4811

The issue is fixed upstream in 1.4.14.

Mageia 7 is also affected.

David Walser 2020-12-16 15:34:27 CET

Whiteboard: (none) => MGA7TOO

Comment 1 Nicolas Lécureuil 2020-12-24 12:49:39 CET
Fixed in Cauldron.

CC: (none) => mageia
Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7

David Walser 2020-12-28 19:15:49 CET

Status comment: (none) => Fixed upstream in 1.4.14, patch available from Debian

Zombie Ryushu 2020-12-29 07:08:36 CET

CC: (none) => zombie_ryushu
URL: (none) => https://nvd.nist.gov/vuln/detail/CVE-2020-26259
CVE: (none) => CVE-2020-26259

Zombie Ryushu 2020-12-29 07:08:53 CET

Version: 7 => Cauldron
Whiteboard: (none) => MGA7TOO

David Walser 2020-12-29 16:23:26 CET

CVE: CVE-2020-26259 => (none)
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-26259 => (none)
Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7

David Walser 2020-12-29 16:29:49 CET

Depends on: (none) => 27980

Comment 3 David Walser 2021-01-18 16:56:08 CET
Red Hat has issued an advisory for this today (January 18):
https://access.redhat.com/errata/RHSA-2021:0162

Comment 4 David Walser 2021-01-23 19:48:44 CET
openSUSE has issued an advisory for this on January 22:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CTO6QRFLVKVHOYBP6VLJP4KZXZFZSKET/

Comment 5 David Walser 2021-07-01 18:26:45 CEST
https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/

Status: NEW => RESOLVED
Resolution: (none) => OLD