14959 – rabbitmq-server new security issue CVE-2014-9494

Bug 14959 - rabbitmq-server new security issue CVE-2014-9494

Summary: rabbitmq-server new security issue CVE-2014-9494

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	i586 Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Malo Deniélou
QA Contact:	Sec team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2015-01-06 00:19 CET by David Walser
Modified:	2015-01-06 00:20 CET (History)
CC List:	0 users

See Also:
Source RPM:	rabbitmq-server-3.3.5-3.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2015-01-06 00:19:25 CET

A CVE has been assigned for a security issue fixed upstream in 3.4.0:
http://openwall.com/lists/oss-security/2015/01/04/2

Fedora won't be issuing any updates for this, as the version they have are not affected.

The version we have in Cauldron is affected.  Mageia 4 is not affected.

Reproducible: 

Steps to Reproduce:

Comment 1 David Walser 2015-01-06 00:20:11 CET

I added the upstream patches and fixed this in rabbitmq-server-3.3.5-4.mga5.

I mainly filed this bug to let the maintainer know, and just in case he wanted to take any further action, like updating this to 3.4.x as Fedora has in Rawhide.

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.