Bug 18697 - sogo several new security issues (CVE-2016-618[89], CVE-2016-619[01], CVE-2014-9905)
Summary: sogo several new security issues (CVE-2016-618[89], CVE-2016-619[01], CVE-201...
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Dimitri Jakov
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-06-13 14:23 CEST by David Walser
Modified: 2017-04-26 08:59 CEST (History)
0 users

See Also:
Source RPM: sogo-2.3.1-3.mga6.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2016-06-13 14:23:34 CEST 
CVEs have been requested for several security issues in SOGo:
http://openwall.com/lists/oss-security/2016/06/13/2
Comment 1 David Walser 2016-07-08 15:59:58 CEST 
Sounds like at least some of the issues have been fixed upstream now:
http://openwall.com/lists/oss-security/2016/07/08/2
Comment 2 David Walser 2016-07-09 20:22:43 CEST 
CVEs have been assigned, commits to fix them have been linked:
http://openwall.com/lists/oss-security/2016/07/09/3

Summary: sogo several new security issues => sogo several new security issues (CVE-2016-618[89], CVE-2016-619[01], CVE-2014-9905)

Comment 3 David Walser 2016-10-04 14:34:26 CEST 
sogo 3.2.0 has been released:
https://sogo.nu/news/2016/article/sogo-v320-released.html

Please update or drop this package.
Comment 4 Nicolas Lécureuil 2017-04-26 08:59:38 CEST 
Fixed in cauldron

Resolution: (none) => FIXED
Status: NEW => RESOLVED
Assignee: mageia => mitya
Note You need to log in before you can comment on or make changes to this bug.