Upstream has issued an advisory on January 26:
http://openwall.com/lists/oss-security/2018/01/26/5
The issue is fixed in 1.5. Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO
Status comment: (none) => Fixed upstream in 1.5
openSUSE has issued an advisory for this on February 6: https://lists.opensuse.org/opensuse-updates/2018-02/msg00015.html
Fedora has issued an advisory for this on February 14: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6BK3RDWBGNZHZ6LDJ34DAWVCBE2UGUE3/
Done for Cauldron and also for mga6!
CC: (none) => geiger.david68210
Thanks David!

Advisory:
========================

Updated apache-commons-email packages fix security vulnerability:

Apache Commons-Email, from version 1.0 to 1.4 inclusive, does not properly validate bounce addresses. If a user of Commons-Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated (CVE-2018-1294).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1294
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6BK3RDWBGNZHZ6LDJ34DAWVCBE2UGUE3/
========================

Updated packages in core/updates_testing:
========================
apache-commons-email-1.5-1.mga6
apache-commons-email-javadoc-1.5-1.mga6

from apache-commons-email-1.5-1.mga6.src.rpm

Whiteboard: MGA6TOO => (none)
Status comment: Fixed upstream in 1.5 => (none)
Assignee: java => qa-bugs
Severity: normal => major
Version: Cauldron => 6
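For applications that cannot move to 1.5 immediately, the advisory's point about unvalidated bounce addresses can be handled in the calling code. The following is an added example, not code from this bug report or from Apache Commons-Email; the class name, method name and sample inputs are constructed for illustration, and the validated value is assumed to be passed on to `Email.setBounceAddress(String)`.

```java
import java.util.regex.Pattern;

public class BounceAddressCheck {
    // Conservative addr-spec shape (local@domain, no quoting, no whitespace).
    // Used with matches(), so the WHOLE input must fit; a "$" anchor with
    // find() would still accept a trailing line terminator.
    private static final Pattern ADDR = Pattern.compile(
        "[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]{1,64}"
        + "@[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?");

    /** Returns the address unchanged if it is safe to use as a bounce address. */
    static String requireSafeBounceAddress(String input) {
        if (input == null || input.isEmpty()) {
            throw new IllegalArgumentException("bounce address is empty");
        }
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            // isISOControl covers CR, LF, the other C0 controls, DEL and the
            // C1 range (including NEL, U+0085); 0x2028/0x2029 are the Unicode
            // line and paragraph separators.
            if (Character.isISOControl(c) || c == 0x2028 || c == 0x2029) {
                throw new IllegalArgumentException(
                    "bounce address contains a line break or control character at index " + i);
            }
        }
        if (!ADDR.matcher(input).matches()) {
            throw new IllegalArgumentException("bounce address is not a plain addr-spec");
        }
        return input;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one valid address, two with line breaks, one empty.
        String[] samples = {
            "bounces@example.org",
            "bounces@example.org\nextra",
            "bounces@example.org\r\n",
            ""
        };
        for (String s : samples) {
            try {
                requireSafeBounceAddress(s);
                System.out.println("accepted");
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```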
MGA6-32 on Dell Latitude D600 Mate
No installation issues.
Ref to bug 21435 OK'ing on clean install.
Checked at least thunderbird is not disturbed.
OK.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA6-32-OK
Advisory committed to svn. Validating based on above test.
Keywords: (none) => advisory, validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2018-0136.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED