| Summary: | xstream new security issues CVE-2021-39139, CVE-2021-3914[01456789], CVE-2021-3915[0-4] | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, herman.viaene, mageia, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | xstream-1.4.15-1.1.mga8.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2021-10-01 16:14:47 CEST
David Walser
2021-10-01 16:15:00 CEST
Status comment:
(none) =>
Fixed upstream in 1.4.18 fixed in mga 8/9:
src:
- xmlpull-1.2.0-1.mga8
- mxparser-1.2.2-1.mga8
- xstream-1.4.18-1.mga8
rpms:
- mxparser-1.2.2-1.mga8
- xmlpull-1.2.0-1.mga8
- xstream-1.4.18-1.mga8Version:
Cauldron =>
8 RPMS are actually: xmlpull-1.2.0-1.mga8 xmlpull-javadoc-1.2.0-1.mga8 mxparser-1.2.2-1.mga8 mxparser-javadoc-1.2.2-1.mga8 xstream-benchmark-1.4.18-1.mga8 xstream-1.4.18-1.mga8 xstream-javadoc-1.4.18-1.mga8 MGA8-64 Plasma on Lenovo B50 No installation issues OK on clean install as before. CC:
(none) =>
herman.viaene Validating. Keywords:
(none) =>
validated_update Fedora has issued an advisory for this on October 12: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/
Dave Hodgins
2021-10-13 20:20:32 CEST
CC:
(none) =>
davidwhodgins An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0474.html Resolution:
(none) =>
FIXED |