10559 – rrdtool new security issue CVE-2013-2131

Bug 10559 - rrdtool new security issue CVE-2013-2131

Summary: rrdtool new security issue CVE-2013-2131

Status:	RESOLVED OLD

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	3
Hardware:	i586 Linux

Priority:	Low Severity: major
Target Milestone:	---
Assignee:	Mageia Bug Squad
QA Contact:	Sec team

URL:	http://lwn.net/Vulnerabilities/555221/
Whiteboard:	MGA2TOO
Keywords:

Depends on:
Blocks:

Reported:	2013-06-18 19:02 CEST by David Walser
Modified:	2014-11-27 15:53 CET (History)
CC List:	3 users (show)

See Also:
Source RPM:	rrdtool-1.4.7-5.mga3.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2013-06-18 19:02:31 CEST

Fedora has issued an advisory on June 7:
https://lists.fedoraproject.org/pipermail/package-announce/2013-June/109369.html

RedHat technically considered it not a security bug since the issue is documented, but Fedora updated it anyway.  Perhaps we can just fix it in Cauldron and SVN.

Reproducible: 

Steps to Reproduce:

David Walser 2013-06-18 19:03:15 CEST

CC: (none) => fundawang, guillomovitch, jquelin
Whiteboard: (none) => MGA3TOO, MGA2TOO

Comment 1 Guillaume Rousse 2013-06-21 12:40:10 CEST

Fixed in cauldron.

Comment 2 David Walser 2013-06-21 14:36:06 CEST

Fixed in Cauldron in rrdtool-1.4.8-3.mga4.  Thanks Guillaume.

Version: Cauldron => 3
Whiteboard: MGA3TOO, MGA2TOO => MGA2TOO

Comment 3 David Walser 2013-06-28 01:06:46 CEST

Patch checked into Mageia 2 and Mageia 3 SVN.

Priority: Normal => Low

Comment 4 David Walser 2014-11-27 15:53:30 CET

Closing due to Mageia 3 EOL:
http://blog.mageia.org/en/2014/11/26/lets-say-goodbye-to-mageia-3/

Status: NEW => RESOLVED
Resolution: (none) => OLD

Note You need to log in before you can comment on or make changes to this bug.