Bug 20661 - slrn new security issue CVE-2014-3566
Summary: slrn new security issue CVE-2014-3566
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Remco Rijnders
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-04-14 21:52 CEST by David Walser
Modified: 2017-07-24 13:48 CEST (History)
2 users (show)

See Also:
Source RPM: slrn-1.0.1-6.mga6.src.rpm
CVE: CVE-2014-3566
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2017-04-14 21:52:19 CEST 
openSUSE has issued an advisory on April 11:
https://lists.opensuse.org/opensuse-updates/2017-04/msg00040.html

This is another POODLE issue.  SSLv3 needs to be disabled.
Comment 1 Marja Van Waes 2017-04-15 09:50:17 CEST 
Assigning to the registered maintainer.

Assignee: bugsquad => remco
CC: (none) => marja11

Nicolas Lécureuil 2017-04-22 22:22:28 CEST

CC: (none) => mageia
CVE: (none) => CVE-2014-3566

Comment 2 Nicolas Lécureuil 2017-04-22 22:34:12 CEST 
fixed in cauldron

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 3 Remco Rijnders 2017-07-24 13:39:40 CEST 
Many thanks for fixing this Nicolas. We should also release an update for Mageia 5 for this.

Status: RESOLVED => REOPENED
Resolution: FIXED => (none)

Comment 4 David Walser 2017-07-24 13:48:50 CEST 
We could make an update for Mageia 5 for this, but these kinds of issues by themselves aren't really worth pushing updates for.  The important thing was to fix it for Mageia 6.  I suggest just checking the fix into Mageia 5 SVN and it will go out if we have any other reason to update it.  If you really want to push an update just for this, please set the version to 5.

Status: REOPENED => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.