Fedora has issued an advisory on June 19: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DCJRYNE7QKMEYDFPNVS27DVM37K22WXM/ Mageia 5 is also affected.
Whiteboard: (none) => MGA5TOO
Assigning to the registered maintainer.
Assignee: bugsquad => joequantCC: (none) => marja11
I'm not sure we're really affected by these. Fedora only patches these CVEs for openvswitch 2.7.0. For 2.5.0, they only patched CVE-2016-10377, which may or may not affect us. We have a really old version and this package hasn't been updated in almost four years. We should probably drop it.
Status comment: (none) => Package hasn't been updated in almost 4 years, should probably be dropped
Dropped for Mageia 6.
Whiteboard: MGA5TOO => (none)Version: Cauldron => 5
openSUSE has issued an advisory on August 18: https://lists.opensuse.org/opensuse-security-announce/2017-08/msg00057.html I'm not sure if Mageia 5 is affected.
Summary: openvswitch new security issues CVE-2017-9214 and CVE-2017-9264 => openvswitch new security issues CVE-2017-9214 and CVE-2017-926[3-5]
Ubuntu has issued an advisory for this today (October 11): https://usn.ubuntu.com/usn/usn-3450-1/
Fedora has issued an advisory for this today (October 16): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/V4WMXBMYHAPZINK5VBGGCWVVNXLBHFCQ/
Summary: openvswitch new security issues CVE-2017-9214 and CVE-2017-926[3-5] => openvswitch new security issues CVE-2017-9214, CVE-2017-926[3-5], and CVE-2017-14970
This package is unsupported.
Resolution: (none) => OLDStatus: NEW => RESOLVED