Bug 27849 - xstream new security issue CVE-2020-26217
Summary: xstream new security issue CVE-2020-26217
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: Java Stack Maintainers
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on: 27980
Blocks:
Reported: 2020-12-16 15:34 CET by David Walser
Modified: 2021-07-01 18:26 CEST

See Also:
Source RPM: xstream-1.4.12-1.mga8.src.rpm
CVE:
Status comment: Fixed upstream in 1.4.14, patch available from Debian


Description David Walser 2020-12-16 15:34:21 CET
Debian has issued an advisory on December 15:
https://www.debian.org/security/2020/dsa-4811

The issue is fixed upstream in 1.4.14.

Mageia 7 is also affected.

David Walser 2020-12-16 15:34:27 CET

Whiteboard: (none) => MGA7TOO

Comment 1 Nicolas Lécureuil 2020-12-24 12:49:39 CET
Fixed in Cauldron.

CC: (none) => mageia
Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7

David Walser 2020-12-28 19:15:49 CET

Status comment: (none) => Fixed upstream in 1.4.14, patch available from Debian

Zombie Ryushu 2020-12-29 07:08:36 CET

CC: (none) => zombie_ryushu
URL: (none) => https://nvd.nist.gov/vuln/detail/CVE-2020-26259
CVE: (none) => CVE-2020-26259

Zombie Ryushu 2020-12-29 07:08:53 CET

Version: 7 => Cauldron
Whiteboard: (none) => MGA7TOO

David Walser 2020-12-29 16:23:26 CET

CVE: CVE-2020-26259 => (none)
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-26259 => (none)
Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7

David Walser 2020-12-29 16:29:49 CET

Depends on: (none) => 27980

Comment 3 David Walser 2021-01-18 16:56:08 CET
Red Hat has issued an advisory for this today (January 18):
https://access.redhat.com/errata/RHSA-2021:0162

Comment 4 David Walser 2021-01-23 19:48:44 CET
openSUSE has issued an advisory for this on January 22:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CTO6QRFLVKVHOYBP6VLJP4KZXZFZSKET/

Comment 5 David Walser 2021-07-01 18:26:45 CEST
https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/

Status: NEW => RESOLVED
Resolution: (none) => OLD

