Bug 6742

Summary: jruby new security issues CVE-2011-4838 and CVE-2012-5370
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: Rémy CLOUARD (shikamaru) <shikamaru>
Status: RESOLVED OLD
QA Contact: Sec team <security>
Severity: major
Priority: Normal
CC: dmorganec, fundawang, shikamaru
Version: 2   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/506206/
Whiteboard:
Source RPM: jruby-1.4.0-3.mga2.src.rpm
CVE:
Status comment:

Description David Walser 2012-07-11 00:48:11 CEST
Gentoo has issued an advisory on July 9:
http://www.gentoo.org/security/en/glsa/glsa-201207-06.xml

This issue is fixed upstream in 1.6.5.1.

Mageia 2 is also affected.

David Walser 2012-07-11 00:49:16 CEST

CC: (none) => dmorganec
Whiteboard: (none) => MGA2TOO

Comment 1 Rémy CLOUARD (shikamaru) 2012-12-07 22:34:41 CET
Also taking that one, thanks for the report.

Regards,

Status: NEW => ASSIGNED
CC: (none) => shikamaru
Assignee: bugsquad => shikamaru

Comment 2 David Walser 2012-12-21 17:20:30 CET
RedHat has issued an advisory today (December 21):
https://rhn.redhat.com/errata/RHSA-2012-1604.html

This adds a new CVE for JRuby, CVE-2012-5370, fixed upstream in 1.7.1.

from http://lwn.net/Vulnerabilities/530373/

Summary: jruby new security issue CVE-2011-4838 => jruby new security issues CVE-2011-4838 and CVE-2012-5370

David Walser 2012-12-21 17:24:12 CET

Severity: normal => major

David Walser 2013-02-13 20:26:24 CET

CC: (none) => fundawang

Comment 3 David Walser 2013-02-23 16:56:35 CET
Package removed from Cauldron.  Changing version assignment to Mageia 2 only.

Version: Cauldron => 2
Whiteboard: MGA2TOO => (none)

Comment 4 David Walser 2013-11-22 15:53:56 CET
Closing this now due to Mageia 2 EOL.

http://blog.mageia.org/en/2013/11/21/farewell-mageia-2/

Status: ASSIGNED => RESOLVED
Resolution: (none) => OLD
QA Contact: (none) => security