Bug 12065 - ack new security issue CVE-2013-7069
Summary: ack new security issue CVE-2013-7069
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: Cauldron
Hardware: i586 Linux
Priority: Normal major
Target Milestone: ---
Assignee: Jerome Quelin
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/577887/
Whiteboard:
Keywords:
Depends on:
Blocks: 11726
 
Reported: 2013-12-20 23:24 CET by David Walser
Modified: 2014-01-24 20:41 CET
0 users

See Also:
Source RPM: ack-2.100.0-2.mga4.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2013-12-20 23:24:11 CET
Fedora has issued an advisory on December 11:
https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124539.html

The issue is fixed upstream in 2.12.

Mageia 3 is not affected.

Reproducible: 

Steps to Reproduce:
David Walser 2013-12-20 23:25:48 CET

Blocks: (none) => 11726

Comment 1 Sander Lepik 2014-01-03 18:22:43 CET
I leave it up to Jerome to decide if this should be patched or upgraded as there are quite a few changes since 2.10. Not sure if they break something or not.

Assignee: mageia => jquelin

Comment 2 David Walser 2014-01-23 20:33:06 CET
Seeing as Fedora updated to 2.12, I'd expect it to be OK.  The update didn't require any SPEC file changes for Fedora (other than updating the version number):
http://pkgs.fedoraproject.org/cgit/ack.git/commit/?id=286d8b3a7c668cb160f73273e1b83cc1abd3924e

I see no value in shipping a vulnerable version when it can be fixed this easily.

Comment 3 David Walser 2014-01-24 20:41:22 CET
Fixed in ack-2.120.0-1.mga4.

Status: NEW => RESOLVED
Resolution: (none) => FIXED

