Bug 22405 - syncthing new security issue CVE-2017-1000420
Summary: syncthing new security issue CVE-2017-1000420
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Daniel Lucio
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
: 22133 (view as bug list)
Depends on:
Blocks:
 
Reported: 2018-01-16 14:00 CET by David Walser
Modified: 2019-09-29 22:40 CEST (History)
2 users (show)

See Also:
Source RPM: syncthing-0.14.30-1.mga6.src.rpm
CVE:
Status comment: Fixed upstream in 0.14.37


Attachments

Description David Walser 2018-01-16 14:00:23 CET
openSUSE has issued an advisory on January 15:
https://lists.opensuse.org/opensuse-updates/2018-01/msg00046.html

The issue was fixed upstream in 0.14.37.
David Walser 2018-02-02 18:32:03 CET

Status comment: (none) => Fixed upstream in 0.14.37

Comment 1 Morgan Leijström 2018-03-21 10:38:51 CET
*** Bug 22133 has been marked as a duplicate of this bug. ***

CC: (none) => fri

Comment 2 Morgan Leijström 2018-03-21 10:55:57 CET
WORKAROUND: syncthing gtk can easily download and use latest syncthing

Bug 22811 - syncthing-gtk is old (WORKAROUND: use Appimage test OK)
David Walser 2019-01-01 05:36:10 CET

Whiteboard: (none) => MGA6TOO
Version: 6 => Cauldron

Comment 3 David Walser 2019-01-02 01:23:29 CET
Dropped in Cauldron.

Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)

Comment 4 Morgan Leijström 2019-01-02 10:12:51 CET
Dropping, so it will not be in mga7 ?

Yes better to drop when we do not have time to keep it updated.
nikos papadopoulos 2019-02-28 23:20:39 CET

CC: (none) => nikos769

Comment 13 Morgan Leijström 2019-09-28 01:53:25 CEST
FWIW, i just installed Fedora package 
https://rpmfind.net/linux/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/s/syncthing-1.2.2-1.fc32.x86_64.rpm
on mga7 and it works.

https://rpmfind.net/linux/rpm2html/search.php?query=syncthing&submit=Search+...

It is also possible to build locally but the go compiler takes 0,6 GB to install...
Comment 14 Morgan Leijström 2019-09-29 22:40:13 CEST
We do not package syncthing anymore.
https://bugs.mageia.org/show_bug.cgi?id=22405#c3

Resolution: (none) => OLD
Status: NEW => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.