Apache has issued an advisory today (June 28): http://openwall.com/lists/oss-security/2018/06/28/1 The issue is fixed upstream in 3.1.16. Mageia 6 is also affected. IIRC, this package is not needed and has been dropped before, so if that's still the case it should be dropped again from Cauldron. Unfortunately it was re-imported before Mageia 6, so still needs to be fixed there.
Whiteboard: (none) => MGA6TOOStatus comment: (none) => Fixed upstream in 3.1.16
Blocks: (none) => 22029
Whiteboard: MGA6TOO => MGA7TOO, MGA6TOO
Apache has issued advisories on November 5: https://www.openwall.com/lists/oss-security/2019/11/05/2 https://www.openwall.com/lists/oss-security/2019/11/05/3 The issues are fixed upstream in 3.2.11 and 3.3.4.
Status comment: Fixed upstream in 3.1.16 => Fixed upstream in 3.2.11Summary: cxf new security issue CVE-2018-8039 => cxf new security issues CVE-2018-8039, CVE-2019-12406, CVE-2019-12419
Apache has issued advisories today (January 16); https://www.openwall.com/lists/oss-security/2020/01/16/3 https://www.openwall.com/lists/oss-security/2020/01/16/4 The issues are fixed upstream in 3.2.12 and 3.3.5.
Summary: cxf new security issues CVE-2018-8039, CVE-2019-12406, CVE-2019-12419 => cxf new security issues CVE-2018-8039, CVE-2019-12406, CVE-2019-12419, CVE-2019-12423, CVE-2019-17573Status comment: Fixed upstream in 3.2.11 => Fixed upstream in 3.2.12
Apache has issued an advisory today (April 1): https://www.openwall.com/lists/oss-security/2020/04/01/2 The issue is fixed upstream in 3.2.13 and 3.3.6.
Summary: cxf new security issues CVE-2018-8039, CVE-2019-12406, CVE-2019-12419, CVE-2019-12423, CVE-2019-17573 => cxf new security issues CVE-2018-8039, CVE-2019-12406, CVE-2019-12419, CVE-2019-12423, CVE-2019-17573, CVE-2020-1954Whiteboard: MGA7TOO, MGA6TOO => MGA7TOOStatus comment: Fixed upstream in 3.2.12 => Fixed upstream in 3.2.13
Package has been (mercifully) dropped from Cauldron. Apache has issued an advisory on November 12: https://www.openwall.com/lists/oss-security/2020/11/12/2 The issue is fixed upstream in 3.3.8 and 3.4.1.
Whiteboard: MGA7TOO => (none)Summary: cxf new security issues CVE-2018-8039, CVE-2019-12406, CVE-2019-12419, CVE-2019-12423, CVE-2019-17573, CVE-2020-1954 => cxf new security issues CVE-2018-8039, CVE-2019-12406, CVE-2019-12419, CVE-2019-12423, CVE-2019-17573, CVE-2020-1954, CVE-2020-13954Version: Cauldron => 7Status comment: Fixed upstream in 3.2.13 => Fixed upstream in 3.3.8
Apache has issued an advisory on April 2: https://www.openwall.com/lists/oss-security/2021/04/02/2 The issue is fixed upstream in 3.3.10 and 3.4.3.
Status comment: Fixed upstream in 3.3.8 => Fixed upstream in 3.3.10Summary: cxf new security issues CVE-2018-8039, CVE-2019-12406, CVE-2019-12419, CVE-2019-12423, CVE-2019-17573, CVE-2020-1954, CVE-2020-13954 => cxf new security issues CVE-2018-8039, CVE-2019-12406, CVE-2019-12419, CVE-2019-12423, CVE-2019-17573, CVE-2020-1954, CVE-2020-13954, CVE-2021-22696
Apache has issued an advisory today (June 16): https://www.openwall.com/lists/oss-security/2021/06/16/2 The issue is fixed upstream in 3.3.11 and 3.4.4.
Summary: cxf new security issues CVE-2018-8039, CVE-2019-12406, CVE-2019-12419, CVE-2019-12423, CVE-2019-17573, CVE-2020-1954, CVE-2020-13954, CVE-2021-22696 => cxf new security issues CVE-2018-8039, CVE-2019-12406, CVE-2019-12419, CVE-2019-12423, CVE-2019-17573, CVE-2020-1954, CVE-2020-13954, CVE-2021-22696, CVE-2021-30468Status comment: Fixed upstream in 3.3.10 => Fixed upstream in 3.3.11
https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/
Resolution: (none) => OLDStatus: NEW => RESOLVED