| Summary: | libsepol new security issues CVE-2021-3608[4-7] | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | Nicolas Lécureuil <mageia> |
| Status: | RESOLVED OLD | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | mageia, marja11, ngompa13, nicolas.salguero |
| Version: | 8 | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | libsepol-3.2-0.rc1.4.mga8.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2021-11-16 18:15:47 CET
David Walser
2021-11-16 18:16:32 CET
Whiteboard:
(none) =>
MGA8TOO Assigning to the registered maintainer CC:
(none) =>
marja11 Fixed in cauldron CC:
(none) =>
mageia Fixed in mga8 for CVE-2021-3608[4-6]
src:
- libsepol-3.2-0.rc1.4.1.mga8
i don't fix CVE-2021-36087. This is a documentation fix but we don't have the .md files in our package.Assignee:
ngompa13 =>
qa-bugs libsepol2-3.2-0.rc1.4.1.mga8 libsepol-devel-3.2-0.rc1.4.1.mga8 libsepol-static-devel-3.2-0.rc1.4.1.mga8 from libsepol-3.2-0.rc1.4.1.mga8.src.rpm But you missed CVE-2021-36087 indeed, which is not a documentation fix, but a code one. It's Fedora patch 0034-libsepol-cil-Check-for-statements-not-allowed-in-opt.patch and upstream commit here: https://github.com/SELinuxProject/selinux/commit/340f0eb7f3673e8aacaf0a96cbfcd4d12a405521 Assignee:
qa-bugs =>
mageia this is not what i can find here: https://security-tracker.debian.org/tracker/CVE-2021-36087 ok seems an error in deb cve checker. I add your patch. (In reply to Nicolas Lécureuil from comment #6) > ok seems an error in deb cve checker. I add your patch. Ping. Ubuntu has issued an advisory for this on April 27: https://ubuntu.com/security/notices/USN-5391-1 Mageia 8 EOL. Resolution:
(none) =>
OLD |