Bug 20700 - fop new security issue CVE-2017-5661
Summary: fop new security issue CVE-2017-5661
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: Nicolas Lécureuil
QA Contact: Sec team
URL: https://security-tracker.debian.org/t...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-04-19 02:01 CEST by David Walser
Modified: 2017-12-27 05:02 CET (History)
1 user (show)

See Also:
Source RPM: fop-2.0-5.mga6.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2017-04-19 02:01:10 CEST 
Upstream has issued an advisory today (April 18):
http://openwall.com/lists/oss-security/2017/04/18/2

The issue is fixed in 2.2.

Mageia 5 is also affected.
David Walser 2017-04-19 02:01:23 CEST

CC: (none) => geiger.david68210
Whiteboard: (none) => MGA5TOO

Nicolas Lécureuil 2017-04-22 21:45:21 CEST

URL: (none) => https://security-tracker.debian.org/tracker/CVE-2017-5661

Comment 1 David Walser 2017-05-10 12:17:25 CEST 
Ubuntu has issued an advisory for this on May 9:
https://www.ubuntu.com/usn/usn-3281-1/
Comment 2 David Walser 2017-06-05 00:59:06 CEST 
Fixed for Cauldron in fop-2.0-7.mga6.

Whiteboard: MGA5TOO => (none)
Version: Cauldron => 5

Comment 3 David Walser 2017-12-27 05:02:15 CET 
We won't be fixing this type of package for Mageia 5.

Status: NEW => RESOLVED
Resolution: (none) => OLD
Note You need to log in before you can comment on or make changes to this bug.