Bug 15023 - smack new security CVE-2014-0364
Summary: smack new security CVE-2014-0364
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 4
Hardware: i586 Linux
Priority: Normal major
Target Milestone: ---
Assignee: D Morgan
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/629238/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-01-12 19:03 CET by David Walser
Modified: 2015-09-02 17:36 CEST (History)
0 users

See Also:
Source RPM: smack-3.2.2-4.1.mga4.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2015-01-12 19:03:51 CET 
Fedora has issued an advisory on January 3:
https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147885.html

Fedora addressed it in Fedora 21 by upgrading from 3.2.2 to 4.0.6.  I'm not sure if that would be appropriate for Mageia 4.  It may be best to wait and see what Fedora does in Fedora 20.

Cauldron is currently not affected as this package has been removed from there.  Hopefully it won't be reintroduced.

The RedHat bug links upstream commits that they believe fixed this:
https://bugzilla.redhat.com/show_bug.cgi?id=1093276

Reproducible: 

Steps to Reproduce:
David Walser 2015-01-12 19:15:33 CET

URL: (none) => http://lwn.net/Vulnerabilities/629238/

Comment 1 David Walser 2015-09-02 17:36:37 CEST 
With only a couple of weeks remaining in Mageia 4's lifetime, we don't have time to fix this and test it.  This package has been dropped and no longer exists in Mageia as of Mageia 5.  Closing this as OLD.

Status: NEW => RESOLVED
Resolution: (none) => OLD
Note You need to log in before you can comment on or make changes to this bug.