SUSE has issued an advisory today (February 16): https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00034.html Mageia 5 and Mageia 6 are also affected.
CC: (none) => geiger.david68210Whiteboard: (none) => MGA6TOO
FYI, Fedora has an "improved security patch" for the last CVE we fixed: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JDDLRNAWT4IVFFYKNVAKZR2C4QP6TX2T/
@David CVE-2016-1372 is only for 9.20.1 release not for our 16.02 release
(In reply to David GEIGER from comment #2) > @David > CVE-2016-1372 is only for 9.20.1 release not for our 16.02 release So in other words it only affects Mageia 5 and we won't be fixing it. OK.
Summary: p7zip new security issues CVE-2016-1372 and CVE-2018-5996 => p7zip new security issue CVE-2018-5996
So done for mga6 and Cauldron!
Thanks! I see now that this CVE only affects the RAR support, which our package removes. Closing.
Status: NEW => RESOLVEDWhiteboard: MGA6TOO => (none)Resolution: (none) => INVALID
There is also a CVE-2018-10115 that only affects RAR, so that doesn't affect us either.
*** Bug 27713 has been marked as a duplicate of this bug. ***