Bug 27665 - rclone new security issue CVE-2020-28924
Summary: rclone new security issue CVE-2020-28924
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: Joseph Wang
QA Contact: Sec team
URL:
Whiteboard:
Keywords: Triaged
Depends on:
Blocks:
 
Reported: 2020-11-24 22:25 CET by David Walser
Modified: 2020-12-07 15:32 CET (History)
0 users

See Also:
Source RPM: rclone-1.52.2-1.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2020-11-24 22:25:35 CET 
openSUSE has issued an advisory today (November 24):
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7U7GCOTNOZAWDNUDHOMKJOI2QXP3XJCD/

The issue is fixed upstream in 1.52.3.
Comment 1 Aurelien Oudelet 2020-11-25 18:26:22 CET 
Hi, thanks for reporting this bug.
Assigned to the package maintainer.

(Please set the status to 'assigned' if you are working on it)

Assignee: bugsquad => joequant
Keywords: (none) => Triaged

Joseph Wang 2020-11-26 05:57:39 CET

Status: NEW => ASSIGNED

Comment 2 Joseph Wang 2020-11-26 10:48:35 CET 
updated in cauldron
Comment 3 David Walser 2020-11-26 15:29:41 CET 
rclone-1.52.3-1.mga8 uploaded for Cauldron.

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Comment 4 David Walser 2020-12-06 02:02:08 CET 
Upstream advisory:
https://github.com/rclone/rclone/issues/4783

It's actually 1.53.3 that fixes the issue, so we're not done with this.

Status: RESOLVED => REOPENED
Resolution: FIXED => (none)

Comment 5 David Walser 2020-12-07 15:32:46 CET 
Fixed now in rclone-1.53.3-1.mga8.

Resolution: (none) => FIXED
Status: REOPENED => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.