Bug 30679

Summary: osmo URL tag points to phishing website
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: andrewsfarm, davidwhodgins, herman.viaene, sysadmin-bugs
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: osmo-0.4.4-1.mga8.src.rpm CVE:
Status comment:

Description David Walser 2022-07-28 18:04:38 CEST 
Fedora has issued an advisory today (July 28):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LTWR4QVCBA3OCDWSLZBEHJLEDAGIUFRX/

They updated the URL tag in the package from the same URL we currently have in ours, to the following official website for the software, due to the old URL now pointing to a phishing site:
http://osmo-pim.sourceforge.net/

Mageia 8 is also affected.
David Walser 2022-07-28 18:04:52 CEST

Whiteboard: (none) => MGA8TOO

Comment 1 Barry Jackson 2022-07-31 01:05:16 CEST 
Updated in Cauldron and Update pushed to 8/core/updates_testing

Advisory
#####################
Phishing website URL removed from package spec file and replaced with official site link.
#####################

References
####################
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LTWR4QVCBA3OCDWSLZBEHJLEDAGIUFRX/
https://bugs.mageia.org/show_bug.cgi?id=30679

Files affected
####################
osmo-0.4.4-1.1.mga8.x86_64.rpm
osmo-debuginfo-0.4.4-1.1.mga8.x86_64.rpm
osmo-debugsource-0.4.4-1.1.mga8.x86_64.rpm

From:-
osmo-0.4.4-1.1.mga8.x86_64.src.rpm

Testing
###################
No changes to current sources, so I see no reason for testing this update, other than to check that it installs as before.

Assignee: zen25000 => qa-bugs

Thomas Backlund 2022-08-03 21:14:07 CEST

Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8

Comment 2 Herman Viaene 2022-08-04 15:45:25 CEST 
MGA8-64 Plasma on Acer Aspire 5253
No installation issue.
Installed OK, opened it and assigned a task on today. Made proper noise.
OK for me.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Comment 3 Thomas Andrews 2022-08-05 00:04:34 CEST 
Validating. Advisory in Comment 1.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Dave Hodgins 2022-08-05 16:46:13 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 4 Mageia Robot 2022-08-05 23:01:59 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0276.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED