Bug 23129 - guava new security issue CVE-2018-10237
Summary: guava new security issue CVE-2018-10237
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: Java Stack Maintainers
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-06-07 19:19 CEST by David Walser
Modified: 2019-11-06 13:28 CET (History)
1 user (show)

See Also:
Source RPM: guava-18.0-9.mga6.src.rpm
CVE:
Status comment: Patch available from Fedora

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2018-06-07 19:19:31 CEST 
Fedora has issued an advisory on May 14:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ANZI3CZ5L2Y6MKOOLTLDX77CGUZ6NF64/

The issue is fixed upstream in 24.1.1 and 25.0 and Fedora has a patch.

I see the Java team was already aware of this and didn't file a bug.  Please file bugs when you become aware of security issues!

Mageia 5 is also affected (but doesn't need to be fixed).
David Walser 2018-06-07 19:20:33 CEST

Status comment: (none) => Patch available from Fedora

Comment 1 Mike Rambo 2019-11-06 13:28:31 CET 
Mageia 6 is EOL.

Resolution: (none) => OLD
CC: (none) => mrambo
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.