Bug 31228

Summary: apache-commons-net new security issue CVE-2021-37533
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Java Stack Maintainers <java>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: geiger.david68210, nicolas.salguero
Version: 8   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: apache-commons-net-3.8.0-1.mga9.src.rpm CVE:
Status comment: Fixed upstream in 3.9.0

Description David Walser 2022-12-06 17:14:00 CET 
Apache has issued an advisory on December 3:
https://www.openwall.com/lists/oss-security/2022/12/03/1

The issue is fixed upstream in 3.9.0.

Mageia 8 is also affected.
David Walser 2022-12-06 17:14:17 CET

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 3.9.0

Comment 1 David Walser 2022-12-30 19:50:05 CET 
Debian has issued an advisory for this on December 29:
https://www.debian.org/security/2022/dsa-5307
Comment 2 David Walser 2023-05-06 22:56:32 CEST 
Ubuntu has issued an advisory for this on April 28:
https://ubuntu.com/security/notices/USN-6037-1
Comment 3 David GEIGER 2023-07-01 09:04:54 CEST 
Patch added for cauldron!

CC: (none) => geiger.david68210

Comment 4 David GEIGER 2023-07-02 18:25:46 CEST 
Packages moved to Core/Release for cauldron!

Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)

Comment 5 Nicolas Salguero 2024-01-12 10:32:47 CET 
Mageia 8 EOL

Resolution: (none) => OLD
CC: (none) => nicolas.salguero
Status: NEW => RESOLVED