Bug 22069 - perl-XML-LibXML new security issue CVE-2017-10672
Summary: perl-XML-LibXML new security issue CVE-2017-10672
Status: RESOLVED DUPLICATE of bug 21332
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Shlomi Fish
QA Contact: Sec team
URL:
Whiteboard: MGA5TOO
Keywords:
Depends on:
Blocks:
 
Reported: 2017-11-22 19:41 CET by David Walser
Modified: 2017-11-22 23:43 CET (History)
1 user (show)

See Also:
Source RPM: perl-XML-LibXML
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2017-11-22 19:41:25 CET 
Debian has issued an advisory on November 19:
https://www.debian.org/security/2017/dsa-4042

Mageia 5 and Mageia 6 are also affected.
Comment 1 Marja Van Waes 2017-11-22 20:55:58 CET 
Assigning to the registered maintainer.

Whiteboard: (none) => MGA6TOO, MGA5TOO
CC: (none) => marja11
Assignee: bugsquad => shlomif

Shlomi Fish 2017-11-22 22:28:42 CET

Source RPM: perl-libxml-perl-0.80.0-8.mga6.src.rpm => perl-XML-LibXML
Summary: perl-libxml-perl new security issue CVE-2017-10672 => perl-XML-LibXML new security issue CVE-2017-10672

Comment 2 Shlomi Fish 2017-11-22 22:30:12 CET 
The correct package in mageia is perl-XML-LibXML and I am its upstream maintainer.
Comment 3 Shlomi Fish 2017-11-22 22:41:09 CET 
The version in cauldron already includes the fix.

Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO
Version: Cauldron => 6

Comment 4 Shlomi Fish 2017-11-22 22:47:27 CET 
seems like a duplicate of https://bugs.mageia.org/show_bug.cgi?id=21332 .

*** This bug has been marked as a duplicate of bug 21332 ***

Resolution: (none) => DUPLICATE
Status: NEW => RESOLVED

Comment 5 David Walser 2017-11-22 23:43:06 CET 
Ahh yes, good catch.  Debian's naming of their perl packages is horribly unhelpful.
Note You need to log in before you can comment on or make changes to this bug.