Bug 15888 - testdisk new security issues fixed upstream in 7.0
Summary: testdisk new security issues fixed upstream in 7.0
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 4
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/643700/
Whiteboard: has_procedure advisory mga4-32-ok mga...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2015-05-08 19:15 CEST by David Walser
Modified: 2015-05-12 21:38 CEST

Source RPM: testdisk-6.14-2.mga4.src.rpm

Description David Walser 2015-05-08 19:15:52 CEST
Fedora has issued an advisory on April 26:
https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157216.html

The issues are fixed upstream in 7.0:
http://www.cgsecurity.org/wiki/TestDisk_7.0_Release

Mageia 4 and Mageia 5 are affected.

David Walser 2015-05-08 19:15:57 CEST

Whiteboard: (none) => MGA5TOO, MGA4TOO

Comment 1 David GEIGER 2015-05-11 17:50:30 CEST
Note that testdisk-7.0 now needs qt4-devel as a buildrequires for building the qphotorec stuff, like Fedora's package.

This is not the case now in our svn.

CC: (none) => geiger.david68210

Comment 2 David Walser 2015-05-11 19:35:25 CEST
The version we currently have doesn't have qphotorec as far as I can tell, so this is not a regression.  We can add this feature in Cauldron after branching.

Version: Cauldron => 4
Whiteboard: MGA5TOO, MGA4TOO => (none)

Comment 3 David Walser 2015-05-11 19:47:20 CEST
Updated packages uploaded for Mageia 4 and Cauldron.  Thanks Nicolas!

Advisory:
========================

Updated testdisk packages fix security vulnerabilities:

The testdisk package has been updated to version 7.0, fixing several security
issues and a couple of bugs.  See the upstream announcement for more details.

References:
http://www.cgsecurity.org/wiki/TestDisk_7.0_Release
https://lists.fedoraproject.org/pipermail/package-announce/2015-May/157216.html
========================

Updated packages in core/updates_testing:
========================
testdisk-7.0-1.mga4
photorec-7.0-1.mga4

from testdisk-7.0-1.mga4.src.rpm

CC: (none) => mageia
Assignee: mageia => qa-bugs

Comment 4 claire robinson 2015-05-12 17:37:46 CEST
Testing complete mga4 64

Both need to be run as root.

Used testdisk to analyse the disk partitions. Didn't make any changes.
Used photorec to scan free space and save recovered items in /root/tmp/

Whiteboard: (none) => has_procedure mga4-64-ok

Comment 5 claire robinson 2015-05-12 18:40:37 CEST
Testing complete mga4 32, as comment 4.

Comment 6 claire robinson 2015-05-12 18:43:11 CEST
Validating. Advisory uploaded.

Please push to 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: has_procedure mga4-64-ok => has_procedure advisory mga4-32-ok mga4-64-ok
CC: (none) => sysadmin-bugs

Comment 7 Mageia Robot 2015-05-12 21:38:36 CEST
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0217.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

