Upstream has issued an advisory today (April 17): http://openwall.com/lists/oss-security/2017/04/17/2 The issue is fixed in 2.8.2. Mageia 5 is also affected.
Whiteboard: (none) => MGA5TOO
CC: (none) => geiger.david68210
Severity: normal => critical
URL: (none) => https://security-tracker.debian.org/tracker/CVE-2017-5645
CVE: (none) => CVE-2017-5645
Fedora has issued an advisory for this on May 2: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/43G5RVIYBPLRIYERD3MI6PSJV2H6SLBV/
Fixed in Cauldron.
Version: Cauldron => 5
Whiteboard: MGA5TOO => (none)
log4j12 is also affected. Fedora has issued an advisory for this today (June 9): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/W6J67CAARU2NKXKRHLJFICQ2KQFGZG2Z/
Summary: log4j new security issue CVE-2017-5645 => log4j and log4j12 new security issue CVE-2017-5645
Version: 5 => Cauldron
Whiteboard: (none) => MGA5TOO
Source RPM: log4j-2.5-5.mga6.src.rpm => log4j-2.5-5.mga6.src.rpm, log4j12-1.2.17-16.mga6.src.rpm
Fixed in log4j12-1.2.17-17.mga6 in Cauldron.
Whiteboard: MGA5TOO => (none)
Version: Cauldron => 5
We won't be fixing this type of package for Mageia 5.
Status: NEW => RESOLVED
Resolution: (none) => OLD
*** Bug 25916 has been marked as a duplicate of this bug. ***
Just noting this is also being called CVE-2019-17571: http://lists.suse.com/pipermail/sle-security-updates/2020-January/006316.html
*** Bug 26082 has been marked as a duplicate of this bug. ***
CC: (none) => zombie.ryushu