Bug 14811 - gnustep-base new security issue CVE-2014-2980
Summary: gnustep-base new security issue CVE-2014-2980
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Nicolas Lécureuil
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/626438/
Depends on:
Reported: 2014-12-15 21:26 CET by David Walser
Modified: 2015-01-04 23:05 CET (History)
1 user (show)

See Also:
Source RPM: gnustep-base-1.24.4-10.mga5.src.rpm
Status comment:


Description David Walser 2014-12-15 21:26:54 CET
Gentoo has issued an advisory on December 13:

The upstream patch is linked from the Gentoo bug:

Mageia 4 is also affected.


Steps to Reproduce:
Comment 1 David Walser 2014-12-15 21:27:38 CET
I see that Pascal updated to 1.24.6 in SVN.  Maybe it didn't build.

Blocks: (none) => 14674
Whiteboard: (none) => MGA4TOO
CC: (none) => pterjan

Comment 2 Pascal Terjan 2014-12-16 14:56:11 CET
Indeed I have the build failure email but logs are long gone.
It builds fine here (inside iurt), so I guess something else was broken and I forgot to re-submit it.
Comment 3 Nicolas Lécureuil 2014-12-23 01:38:47 CET
pushed and built in cauldron.

Still needed in mga4 ?
Comment 4 David Walser 2014-12-23 01:42:14 CET
Still needed in both actually.  Even 1.24.6 needs to be patched.
Comment 5 Nicolas Lécureuil 2014-12-23 22:41:10 CET
oh ok, i will look then.
Comment 6 Nicolas Lécureuil 2015-01-04 21:49:55 CET
fixed in svn and in the BS

Resolution: (none) => FIXED

Comment 7 David Walser 2015-01-04 23:05:18 CET
Thanks Nicolas!

Fixed in gnustep-base-1.24.6-4.mga5.

The package isn't actually in Mageia 4 after all, so this is indeed FIXED.

Whiteboard: MGA4TOO => (none)
Blocks: 14674 => (none)

Note You need to log in before you can comment on or make changes to this bug.