A security issue in accountsservice has been announced on July 2: http://openwall.com/lists/oss-security/2018/07/02/2 The message above links to the upstream bug which contains a suggested patch. Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO
Assigning to the registered maintainer.
Assignee: bugsquad => shlomifCC: (none) => marja11
Fixed in mga7. Can anyone test there before i update mga6 too?
Version: Cauldron => 6Whiteboard: MGA6TOO => (none)
(In reply to Shlomi Fish from comment #2) > Fixed in mga7. Can anyone test there before i update mga6 too? CC'ing all packagers collectively, maybe one of them can test. I can't test because I'm in too much in a hurry (need to travel to the LSM / RMML tonight). Is testing that it installs enough, or is there a PoC to test?
CC: (none) => pkg-bugs
A better fix than the suggested patch went upstream: http://openwall.com/lists/oss-security/2018/07/20/4
Whiteboard: (none) => MGA6TOOVersion: 6 => Cauldron
SUSE has issued an advisory for this on November 5: http://lists.suse.com/pipermail/sle-security-updates/2018-November/004832.html
Summary: accountsservice new security issue => accountsservice new security issue CVE-2018-14036
openSUSE has issued an advisory for this on November 10: https://lists.opensuse.org/opensuse-updates/2018-11/msg00049.html
Upstream fix included in 0.6.50. I updated Cauldron to 0.6.54.
Mageia 6 is EOL.
Resolution: (none) => OLDStatus: NEW => RESOLVEDCC: (none) => mrambo