24763 – libssh2 possible regression caused by CVE-2019-3859 fix

Bug 24763 - libssh2 possible regression caused by CVE-2019-3859 fix

Summary: libssh2 possible regression caused by CVE-2019-3859 fix

Status:	RESOLVED OLD

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	RPM Packages (show other bugs)
Version:	6
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	All Packagers
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2019-05-03 21:02 CEST by David Walser
Modified:	2020-08-23 15:53 CEST (History)
CC List:	4 users (show)

See Also:
Source RPM:	libssh2-1.7.0-2.1.mga6.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2019-05-03 21:02:45 CEST

openSUSE has issued an advisory on April 29:
https://lists.opensuse.org/opensuse-updates/2019-04/msg00205.html

I'm not sure, but the regression fix may have been in 1.8.2.

Comment 1 Marja Van Waes 2019-05-03 21:38:13 CEST

Assigning to all packagers collectively, since there is no registered maintainer for this package.
Also CC'ing two committers.

CC: (none) => geiger.david68210, marja11, nicolas.salguero
Assignee: bugsquad => pkg-bugs

Comment 2 Aurelien Oudelet 2020-08-23 14:45:55 CEST

Since there are insufficient details provided in this report for us to investigate the issue further, and we have not received feedback to the information we have requested above, we will assume the problem was not reproducible, or has been fixed in one of the updates we have released for the reporter's distribution.

@David, is this still valid in Cauldron?

Assignee: pkg-bugs => qa-bugs
CC: (none) => ouaurelien
Keywords: (none) => NEEDINFO

Comment 3 David Walser 2020-08-23 15:53:47 CEST

Mageia 7 has 1.8.2 and Mageia 6 is EOL.

Status: NEW => RESOLVED
Keywords: NEEDINFO => (none)
Resolution: (none) => OLD
Assignee: qa-bugs => pkg-bugs

Note You need to log in before you can comment on or make changes to this bug.