Debian-LTS has issued an advisory on November 1: https://www.debian.org/lts/security/2020/dla-2426 The issue is fixed upstream in 4.13.1: https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp Mageia 7 is also affected.
Status comment: (none) => Fixed upstream in 4.13.1Whiteboard: (none) => MGA7TOO
Upgraded cauldron to version 4.13.1. Patched package uploaded for Mageia 7. Advisory: ======================== Updated junit package fixes security vulnerability: It was discovered that junit contained a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability (CVE-2020-15250). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250 https://www.debian.org/lts/security/2020/dla-2426 ======================== Updated packages in core/updates_testing: ======================== junit-4.12-7.1.mga7.noarch.rpm junit-javadoc-4.12-7.1.mga7.noarch.rpm junit-manual-4.12-7.1.mga7.noarch.rpm from junit-4.12-7.1.mga7.src.rpm
Version: Cauldron => 7Whiteboard: MGA7TOO => (none)Assignee: java => qa-bugsCC: (none) => mrambo
MGA7-64 MATE on Peaq C1011 No installation issues. Found https://github.com/junit-team/junit4/wiki/Getting-started for testing, just limiited myself to the successfull test. I will upload the test files, but for future reference: don't forget to copy the jar's to the working directory. $ javac Calculator.java $ javac -cp .:junit.jar:core.jar CalculatorTest.java $ java -cp .:junit.jar:core.jar org.junit.runner.JUnitCore CalculatorTest JUnit version 4.12 . Time: 0.021 OK (1 test) OK'ing unless someone else has another idea.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA7-64-OK
Created attachment 11980 [details] Primary test file
Created attachment 11981 [details] To test the test file
Validating. Advisory in Comment 1.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Advisory pushed to SVN.
CC: (none) => ouaurelienKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0403.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED