Fedora has issued an advisory on November 14: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6RF7IRNEREOGUAKOAE2LLRIJ37TCLAL4/ LWN reference for the first CVE: http://lwn.net/Vulnerabilities/706479/
Whiteboard: (none) => MGA5TOO
fixed on cauldron
CC: (none) => mageiaVersion: Cauldron => 5
Whiteboard: MGA5TOO => (none)
*** Bug 19676 has been marked as a duplicate of this bug. ***
Assignee: bugsquad => qa-bugs
Advisory: ======================== Updated tre packages fix security vulnerabilities: The TRE library allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression (CVE-2015-3796). A vulnerability has been found in the tre package that could allow an attacker to perform controlled heap corruption (CVE-2016-8859). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3796 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8859 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6RF7IRNEREOGUAKOAE2LLRIJ37TCLAL4/ ======================== Updated packages in core/updates_testing: ======================== libtre5-0.8.0-12.1.mga5 agrep-0.8.0-12.1.mga5 libtre-devel-0.8.0-12.1.mga5 from tre-0.8.0-12.1.mga5.src.rpm
CC: (none) => davidwhodginsWhiteboard: (none) => advisory
MGA5-32 on Acer D620 Xfce No installation issues Tried "ps -ef | agrep -2 http" versus "ps -ef | grep http". agrep generate noticeably more output.
CC: (none) => herman.viaeneWhiteboard: advisory => advisory MGA5-32-OK
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0395.html
Status: NEW => RESOLVEDResolution: (none) => FIXED