Bug 21092 - libgcrypt new security issue CVE-2017-9526
Summary: libgcrypt new security issue CVE-2017-9526
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: All Packagers
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-06-15 01:55 CEST by David Walser
Modified: 2017-07-08 20:09 CEST (History)
1 user (show)

See Also:
Source RPM: libgcrypt-1.7.6-1.mga6.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2017-06-15 01:55:45 CEST
Debian has issued an advisory today (June 14):
https://www.debian.org/security/2017/dsa-3880

The issue was fixed upstream in 1.7.7:
https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000406.html

I haven't read anything yet that indicates that 1.5.x is affected, but I'm filing this bug when I can re-open later if anything comes to light.  Otherwise it will document that I already fixed this in Cauldron.
Comment 1 David Walser 2017-06-15 01:56:00 CEST
Fixed in libgcrypt-1.7.7-1.mga6.

Resolution: (none) => FIXED
Status: NEW => RESOLVED

David Walser 2017-07-07 04:21:30 CEST

Depends on: (none) => 21178

Comment 2 David Walser 2017-07-07 04:21:59 CEST
Re-opening for Mageia 5.

Version: Cauldron => 5
Resolution: FIXED => (none)
Status: RESOLVED => REOPENED

Comment 3 Marja Van Waes 2017-07-07 13:45:59 CEST
Assigning to all packagers collectively, since there is no registered maintainer for this package.

Assignee: bugsquad => pkg-bugs
CC: (none) => marja11

Marja Van Waes 2017-07-07 13:47:02 CEST

QA Contact: (none) => security
Component: RPM Packages => Security

Comment 4 David Walser 2017-07-08 20:09:28 CEST
Upon further examination of the Ubuntu advisory, this one doesn't affect Mageia 5.

Version: 5 => Cauldron
Status: REOPENED => RESOLVED
Depends on: 21178 => (none)
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.