+++ This bug was initially created as a clone of Bug #22445 +++ Upstream has issued advisories today (January 24): https://curl.haxx.se/docs/adv_2018-824a.html https://curl.haxx.se/docs/adv_2018-b3bf.html The issues are fixed in 7.58.0 (uploaded for Cauldron) and patches are available. Mageia 5 has yet to be dealt with. The patches don't apply cleanly as-is.
Flags: (none) => in_errata7-
Assigning to the registered maintainer. @ David I don't understand why you set: Flags: (none) => in_errata7-
Assignee: bugsquad => shlomifCC: (none) => marja11
I didn't, it did that when I cloned the other bug. I tried to remove it. It didn't work.
Flags: in_errata7- => (none)
Debian has issued an advisory for this on January 26: https://www.debian.org/security/2018/dsa-4098 CVE-2018-1000005 does not affect Mageia 5. Rediffed patch from Debian checked into Mageia 5 SVN for CVE-2018-1000007.
Summary: curl new security issues CVE-2018-1000005 and CVE-2018-1000007 => curl new security issue CVE-2018-1000007
Status comment: (none) => Fix checked into SVN
Depends on: (none) => 22772
Upstream has issued an advisory today (September 5): https://curl.haxx.se/docs/CVE-2018-14618.html
The limited support Mga5 continued to have after its official EOL has ended, so closing this bug as OLD.
Resolution: (none) => OLDStatus: NEW => RESOLVED