Fedora has issued an advisory on December 11: https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124539.html The issue is fixed upstream in 2.12. Mageia 3 is not affected. Reproducible: Steps to Reproduce:
Blocks: (none) => 11726
I leave it up to Jerome to decide if this should be patched or upgraded as there are quite a few changes since 2.10.. Not sure if they break something or not.
Assignee: mageia => jquelin
Seeing as Fedora updated to 2.12, I'd expect it to be OK. The update didn't require any SPEC file changes for Fedora (other than updating the version number): http://pkgs.fedoraproject.org/cgit/ack.git/commit/?id=286d8b3a7c668cb160f73273e1b83cc1abd3924e I see no value in shipping a vulnerable version when it can be fixed this easily.
Fixed in ack-2.120.0-1.mga4.
Status: NEW => RESOLVEDResolution: (none) => FIXED