Bug 16690 - xmltooling new security issue CVE-2015-0851
Summary: xmltooling new security issue CVE-2015-0851
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Guillaume Rousse
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/653065/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-09-02 20:24 CEST by David Walser
Modified: 2015-10-14 19:30 CEST (History)
1 user (show)

See Also:
Source RPM: xmltooling-1.5.3-5.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2015-09-02 20:24:28 CEST 
+++ This bug was initially created as a clone of Bug #16514 +++

Debian has issued an advisory on July 30:
https://www.debian.org/security/2015/dsa-3321

I patched this in Cauldron, but it didn't build because of a problem with Boost:
http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20150902181626.luigiwalser.valstar.1862/log/xmltooling-1.5.3-6.mga6/build.0.20150902181702.log

Guillaume, please fix this, and make sure that once this fixed package is built and uploaded, that the opensaml package gets rebuilt against it.
David Walser 2015-09-02 20:24:44 CEST

Depends on: 16514 => (none)

Comment 1 Sander Lepik 2015-10-11 18:54:26 CEST 
Dropped from cauldron.

CC: (none) => mageia
Hardware: i586 => All
Version: Cauldron => 5

Comment 2 David Walser 2015-10-14 19:30:28 CEST 
Fixed by dropping from Cauldron.

Status: NEW => RESOLVED
Version: 5 => Cauldron
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.