Debian-LTS has issued an advisory on September 5: http://lwn.net/Alerts/699659/ Mageia 5 may also be affected.
Fixed for mga5 and freeze push requested for Cauldron.
CC: (none) => geiger.david68210
Thanks David! Advisory: ======================== Updated jsch packages fix security vulnerability: It was discovered that there was a path traversal vulnerability in jsch (CVE-2016-5725). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5725 http://lwn.net/Alerts/699659/ ======================== Updated packages in core/updates_testing: ======================== jsch-0.1.51-4.1.mga5 jsch-javadoc-0.1.51-4.1.mga5 jsch-demo-0.1.51-4.1.mga5 from jsch-0.1.51-4.1.mga5.src.rpm
Version: Cauldron => 5Assignee: mageia => qa-bugs
Got https://gist.githubusercontent.com/ymnk/2318108/raw/82819389a225265c2aa4ca11afc0b35e938607fe/Shell.java to compile with "javac -cp /usr/share/java/jsch.jar Shell.java", but ran into usual problems testing java programs, so validating based it the update installing cleanly, and the example compiling ok.
Keywords: (none) => validated_updateWhiteboard: (none) => advisory MGA5-32-OKCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0311.html
Status: NEW => RESOLVEDResolution: (none) => FIXED