Bug 24562 - ntfs-3g new security issue CVE-2019-9755
Summary: ntfs-3g new security issue CVE-2019-9755
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: All Packagers
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-03-25 22:11 CET by David Walser
Modified: 2019-03-26 10:28 CET (History)
3 users (show)

See Also:
Source RPM: ntfs-3g-2017.3.23-6.mga7.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2019-03-25 22:11:57 CET 
Debian has issued an advisory on March 21:
https://www.debian.org/security/2019/dsa-4413

Mageia 6 is also affected.
David Walser 2019-03-25 22:12:02 CET

Whiteboard: (none) => MGA6TOO

Comment 1 David Walser 2019-03-25 22:15:30 CET 
It's not installed setuid root in Mageia, so this is INVALID.

We should add the patch in Cauldron just in case someone setuid's it themself.

Ubuntu has also issued an advisory for this:
https://usn.ubuntu.com/3914-1/

Whiteboard: MGA6TOO => (none)

Comment 2 Marja Van Waes 2019-03-26 08:39:22 CET 
(In reply to David Walser from comment #1)
> It's not installed setuid root in Mageia, so this is INVALID.
> 
> We should add the patch in Cauldron just in case someone setuid's it
> themself.

Assigning to all packagers collectively, since mr. Nobody owns this package. Also CC'ing two committers.
> 
> Ubuntu has also issued an advisory for this:
> https://usn.ubuntu.com/3914-1/

Assignee: bugsquad => pkg-bugs
CC: (none) => geiger.david68210, lists.jjorge, marja11

Comment 3 David GEIGER 2019-03-26 09:20:43 CET 
Fixed for Cauldron!
Comment 4 Marja Van Waes 2019-03-26 10:28:26 CET 
(In reply to David GEIGER from comment #3)
> Fixed for Cauldron!

Thanks, closing then :-)

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.