| Summary: | 389-ds-base new security issue CVE-2020-35518 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | All Packagers <pkg-bugs> |
| Status: | RESOLVED INVALID | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | mageia, nicolas.salguero, ouaurelien |
| Version: | Cauldron | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | 389-ds-base-1.4.0.26-8.mga8.src.rpm | CVE: | CVE-2020-35518 |
| Status comment: | |||
| Bug Depends on: | 30001 | ||
| Bug Blocks: | |||
|
Description
David Walser
2021-03-06 00:05:23 CET
David Walser
2021-03-06 00:05:34 CET
Whiteboard:
(none) =>
MGA8TOO, MGA7TOO Advisory from March 4 for the 1.4.3.x branch: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RU64BCG5CEKHZYZZJPCMZLCNOZ6UG65S/ Hi, thanks for reporting this. As there is no maintainer for this package I added Nicolas S. committers in CC. (Please set the status to 'assigned' if you are working on it) CC:
(none) =>
nicolas.salguero, ouaurelien mga7 and 8 and current cauldron are not affected, the code faulty code have been added later ( see https://github.com/389ds/389-ds-base/issues/2535 ) Whiteboard:
MGA8TOO, MGA7TOO =>
(none) RedHat has issued an advisory for this in April 6: https://access.redhat.com/errata/RHSA-2021:1086 openSUSE has issued an advisory for this on March 16: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IJZAIJRIBNKFP5CET6TYMJ3FGMU6WYAM/ RedHat has issued an advisory for this on June 8: https://access.redhat.com/errata/RHSA-2021:2323
David Walser
2022-02-04 16:31:04 CET
Depends on:
(none) =>
30001 (In reply to Nicolas Lécureuil from comment #3) > mga7 and 8 and current cauldron are not affected, the code faulty code have > been added later ( see https://github.com/389ds/389-ds-base/issues/2535 ) Oh thanks, closing this. Status:
NEW =>
RESOLVED |