A CVE for radicale has been announced: http://openwall.com/lists/oss-security/2017/04/30/5 The issue is fixed upstream in 1.1.2. Mageia 5 is also affected.
Whiteboard: (none) => MGA5TOO
Fixed in cauldron
CC: (none) => mageiaWhiteboard: MGA5TOO => (none)CVE: (none) => CVE-2017-8342Version: Cauldron => 5
pushed in updates_testing src.rpm: radicale-1.1.1-1.2.mga5
Assignee: jani.valimaa => qa-bugs
Thanks Nicolas! Advisory: ======================== Updated radicale package fixes security vulnerability: Radicale before 1.1.2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method (CVE-2017-8342). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8342 http://openwall.com/lists/oss-security/2017/04/30/5 ======================== Updated packages in core/updates_testing: ======================== radicale-1.1.1-1.2.mga5 from radicale-1.1.1-1.2.mga5.src.rpm
Has it been pushed to Cauldron? My version is still reading 1.1.1-4.mga6!
CC: (none) => eatdirt
Index: SPECS/radicale.spec =================================================================== --- SPECS/radicale.spec (révision 1098165) +++ SPECS/radicale.spec (révision 1098166) @@ -3,7 +3,7 @@ Summary: Simple Calendar and Contact Server Name: radicale Version: 1.1.1 -Release: %mkrel 3 +Release: %mkrel 4 License: GPLv3+ Group: System/Servers URL: http://radicale.org/ @@ -13,6 +13,7 @@ Source3: radicale.tmpfiles # Patch0: config adjustments for systemwide installation Patch0: radicale-0.10-systemwide.patch +Patch1: radicale-1.1.1-CVE-2017-8342.patch BuildArch: noarch BuildRequires: python3-devel Requires(pre): rpm-helper >= %{rpmhelper_required_version}
Indeed :) The changelog seems to be screwed in my case, I got confused. Thanks. Anyway, I am running it all the time, so I can confirm that the Cauldron version for x86_64 works perfectly fine! thanks.
MGA5-32 on Acer A6000VM Xfce No installation issues Started radicale as root in CLI OK Following lead in bug 17452 comment 9, I could create a calendar in Thunderbird using radicale, and enter an item in the calendar.
Whiteboard: (none) => MGA5-32-OKCC: (none) => herman.viaene
Whiteboard: MGA5-32-OK => MGA5-32-OK advisoryCC: (none) => lewyssmith
Testing M5-64 I happily already had this installed & configured & tried (see https://bugs.mageia.org/show_bug.cgi?id=17452#c9 comments 9-11). The update was seamless to: radicale-1.1.1-1.2.mga5 Needed to start the radicale server subsequently. Evolution then worked quite well. I could add/view/edit an appointment, visible on the clander. Added a contact, they were all in evidence. Kontact half worked, but its (or my) failures were the same as previously. You seem to be able to add events, but they do not show on the calenders. However, they do via the 'summary' button. For contacts, you seem to be able to add one, but never see it subsequently in the address books. Notes can be added & seen. OKing this. Validating.
Whiteboard: MGA5-32-OK advisory => MGA5-32-OK advisory MGA5-64-OKKeywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0140.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED