A CVE has been assigned for a security issue fixed upstream in egroupware: http://openwall.com/lists/oss-security/2017/09/29/12 http://openwall.com/lists/oss-security/2017/09/28/12 The message above contains a link to the commit that fixed the issue, which was also fixed in the 16.1.20170922 release. Mageia 5 and Mageia 6 are also affected. This package has been unmaintained in Mageia for a few years and should probably be dropped in Cauldron.
Whiteboard: (none) => MGA6TOO, MGA5TOO
(In reply to David Walser from comment #0) > A CVE has been assigned for a security issue fixed upstream in egroupware: > http://openwall.com/lists/oss-security/2017/09/29/12 > http://openwall.com/lists/oss-security/2017/09/28/12 > > The message above contains a link to the commit that fixed the issue, which > was also fixed in the 16.1.20170922 release. > > Mageia 5 and Mageia 6 are also affected. > > This package has been unmaintained in Mageia for a few years and should > probably be dropped in Cauldron. Assigning to the registered maintainer.
Assignee: bugsquad => mageiaCC: (none) => marja11
Upstream patch doesn't apply as-is. I won't be fixing this for Mageia 5. Package dropped from Cauldron. Leaving open for Mageia 6 just in case someone ever wants to update this.
Whiteboard: MGA6TOO, MGA5TOO => (none)Version: Cauldron => 6
Upstream patch does not apply. Three of the four files being patched do not exist in 1.8.007.20140506, and while the fourth file is there, the patch does not apply. The changes in that fourth section reference a variable which does not appear anywhere else in the source tree. The patch, and perhaps this CVE, appears invalid for this version.
CC: (none) => mramboResolution: (none) => INVALIDStatus: NEW => RESOLVED