Bug 17320 - pax-utils several security-related fixes in 1.1.4 and 1.2.1
Summary: pax-utils several security-related fixes in 1.1.4 and 1.2.1
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Thierry Vignaud
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/667467/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-12-10 17:06 CET by David Walser
Modified: 2017-04-27 18:15 CEST (History)
1 user (show)

See Also:
Source RPM: pax-utils-0.8.1-3.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2015-12-10 17:06:50 CET 
Fedora has issued an advisory on December 9:
https://lists.fedoraproject.org/pipermail/package-announce/2015-December/173515.html

I'm not sure how important any of these fixes are or if we should update the Mageia 5 package as well, I'll leave that to the maintainer to evaluate.  The Cauldron package should be updated at the very least.

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2017-02-01 12:28:48 CET 
Two more issues fixed in 1.2.1 (1.2.2 fixes some regressions):
http://openwall.com/lists/oss-security/2017/02/01/4
http://openwall.com/lists/oss-security/2017/02/01/5

Summary: pax-utils several security-related fixes in 1.1.4 => pax-utils several security-related fixes in 1.1.4 and 1.2.1

Comment 3 David Walser 2017-02-25 18:20:06 CET 
Another issue that will be fixed in 1.2.3 (with commit links):
http://openwall.com/lists/oss-security/2017/02/25/1
Comment 4 Nicolas Lécureuil 2017-04-22 21:54:00 CEST 
thierry some thoughs about this issue ?

CC: (none) => mageia

Comment 5 Nicolas Lécureuil 2017-04-27 18:15:19 CEST 
updated on cauldron

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.