19842 – testdisk new buffer overflow security issue

Bug 19842 - testdisk new buffer overflow security issue

Summary: testdisk new buffer overflow security issue

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Sander Lepik
QA Contact:	Sec team

URL:	https://lwn.net/Vulnerabilities/707214/
Whiteboard:	MGA5TOO
Keywords:

Depends on:
Blocks:

Reported:	2016-11-25 19:01 CET by David Walser
Modified:	2016-11-26 14:51 CET (History)
CC List:	1 user (show)

See Also:
Source RPM:	testdisk-7.0-4.mga6.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2016-11-25 19:01:47 CET

Gentoo has issued an advisory on November 22:
https://security.gentoo.org/glsa/201611-20

Mageia 5 is also affected.

David Walser 2016-11-25 19:02:12 CET

Whiteboard: (none) => MGA5TOO

Comment 1 Sander Lepik 2016-11-26 12:15:45 CET

Are You really sure that we are affected?

http://www.cgsecurity.org/wiki/TestDisk_7.0_Release already lists the pdf mentioned in Gentoo's bugzilla. I don't see any new releases after that. AFAIK we already upgraded mga5 to version 7 to fix that issue.

See this bug: https://bugs.mageia.org/show_bug.cgi?id=15888

Comment 2 Nicolas Lécureuil 2016-11-26 14:51:16 CET

i confirm that for me cauldron and mga5 are fixed.


Please reopen if we are wrong.

Status: NEW => RESOLVED
CC: (none) => mageia
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.