Bug 31075

Summary: apache-ivy new security issues CVE-2022-3786[56]
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: andrewsfarm, davidwhodgins, geiger.david68210, herman.viaene, sysadmin-bugs
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: apache-ivy-2.5.0-3.mga9.src.rpm CVE:
Status comment:

Description David Walser 2022-11-04 17:07:20 CET 
Apache has issued advisories on November 4:
https://www.openwall.com/lists/oss-security/2022/11/04/2
https://www.openwall.com/lists/oss-security/2022/11/04/3

The issues are fixed upstream in 2.5.1.

Mageia 8 is also affected.
David Walser 2022-11-04 17:09:23 CET

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 2.5.1

Comment 1 David GEIGER 2023-07-01 07:08:39 CEST 
patch added for both mga8 and cauldron!


Packages in 9/Core/Updates_testing:
======================
apache-ivy-javadoc-2.5.0-4.mga9.noarch.rpm
apache-ivy-2.5.0-4.mga9.noarch.rpm

Packages in 8/Core/Updates_testing:
======================
apache-ivy-2.5.0-1.1.mga8.noarch.rpm
apache-ivy-javadoc-2.5.0-1.1.mga8.noarch.rpm


From SRPMS:
apache-ivy-2.5.0-4.mga9.src.rpm
apache-ivy-2.5.0-1.1.mga8.src.rpm

Assignee: java => qa-bugs
CC: (none) => geiger.david68210
Status comment: Fixed upstream in 2.5.1 => (none)

Comment 2 David GEIGER 2023-07-02 15:44:45 CEST 
apache-ivy moved in Core/Release for cauldron, so fixed for it!

Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)

Comment 3 Herman Viaene 2023-07-03 16:00:44 CEST 
MGA8-64 MATE on Acer Aspire 5253
No installation issues.
Developer's stuff, does not harm anything else (httpd starts, localhost 'It works').

CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK

Comment 4 David Walser 2023-07-04 00:04:42 CEST 
It doesn't have anything to do with httpd, but clean install/update is fine.
Comment 5 Thomas Andrews 2023-07-06 01:59:28 CEST 
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2023-07-06 22:29:12 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 6 Mageia Robot 2023-07-07 07:56:20 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0216.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED