openSUSE has issued an advisory today (December 12):
https://lists.opensuse.org/opensuse-updates/2017-12/msg00046.html

The issue is fixed upstream in 2.4 (already in Cauldron).

Mageia 5 is also affected.

Whiteboard: (none) => MGA5TOO
Version: Cauldron => 6
CC: (none) => mageia, shlomif
Assigning to the registered fossil maintainer.
CC: (none) => marja11
Assignee: bugsquad => shlomif

Advisory:
========================

Updated fossil package fixes security vulnerability:

Client-side code execution via crafted "ssh://" URLs (CVE-2017-17459).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17459
https://lists.opensuse.org/opensuse-updates/2017-12/msg00046.html
========================

Updated packages in core/updates_testing:
========================
fossil-2.4-1.mga5
fossil-2.4-1.mga6

from SRPMS:
fossil-2.4-1.mga5.src.rpm
fossil-2.4-1.mga6.src.rpm
Assignee: shlomif => qa-bugs
MGA5-32 on Dell Latitude D600 Xfce
No installation issues

$ fossil help
Usage: fossil help TOPIC
Common commands: (use "fossil help -a|--all" for a complete list)
add         cat       finfo    mv          rm        undo
addremove   changes   fusefs   open        settings  unpublished
all         clean     gdiff    praise      sqlite3   unversioned
amend       clone     help     publish     stash     update
annotate    commit    import   pull        status    version
bisect      delete    info     push        sync
blame       diff      init     rebuild     tag
branch      export    ls       remote-url  timeline
bundle      extras    merge    revert      ui
This is fossil version 2.4 [a0001dcf57] 2017-11-03 09:29:29 UTC

$ fossil version
This is fossil version 2.4 [a0001dcf57] 2017-11-03 09:29:29 UTC

Referring to tests in bug 21551

$ cd Documenten.orig/
$ fossil init testfossil
project-id: 06d5f20f96011b291b940260998419ceb3ebfa23
server-id: 5ea25bb8bb9c9ee50212e00d54fc3bede422fdc8
admin-user: tester5 (initial password is "24ea73")

$ fossil info testfossil
project-name: <unnamed>
project-code: 06d5f20f96011b291b940260998419ceb3ebfa23

[tester5@mach6 Documenten.orig]$ fossil clone http://www.fossil-scm.org/ testfossil1
Round-trips: 6 Artifacts sent: 0 received: 38461
Clone done, sent: 1578 received: 27022723 ip: 45.33.6.223
Rebuilding repository meta-data...
100.0% complete...
Extra delta compression...
Vacuuming the database...
project-id: CE59BB9F186226D80E49D1FA2DB29F935CCA0333
server-id: 2d208cb5dc8f477b4e6c393ef53f0b6693d31fab
admin-user: tester5 (password is "92d273")

$ fossil open testfossil
project-name: <unnamed>
repository: /home/tester5/Documenten.orig/testfossil
local-root: /home/tester5/Documenten.orig/
config-db: /home/tester5/.fossil
project-code: 06d5f20f96011b291b940260998419ceb3ebfa23
checkout: 4562ad284b80e2b3744a5f6273177f26694b0484 2017-12-30 13:56:21 UTC
tags: trunk
comment: initial empty check-in (user: tester5)
check-ins: 1

$ fossil status testfossil
repository: /home/tester5/Documenten.orig/testfossil
local-root: /home/tester5/Documenten.orig/
config-db: /home/tester5/.fossil
checkout: 4562ad284b80e2b3744a5f6273177f26694b0484 2017-12-30 13:56:21 UTC
tags: trunk
comment: initial empty check-in (user: tester5)

$ fossil ui testfossil1
Listening for HTTP requests on TCP port 8080
shows in browser http://localhost:8080/doc/trunk/www/index.wiki titled "What is fossil"

Trying to follow Rémi's example brings me into problems due to my lack of .....
Good enough for me.

CC: (none) => herman.viaene
Whiteboard: MGA5TOO => MGA5TOO MGA5-32-OK

Keywords: (none) => advisory
CC: (none) => davidwhodgins
Validating based on the fossil version command working.
Whiteboard: MGA5TOO MGA5-32-OK => MGA5TOO MGA5-32-OK MGA6-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2018-0042.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED