Bug 29548 - couchdb new security issue CVE-2021-38295
Summary: couchdb new security issue CVE-2021-38295
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
Reported: 2021-10-12 22:12 CEST by David Walser
Modified: 2021-11-25 14:07 CET
CC: 5 users

See Also:
Source RPM: couchdb-3.1.1-1.mga8.src.rpm
CVE: CVE-2021-38295
Status comment:


Description David Walser 2021-10-12 22:12:46 CEST
Apache has issued an advisory today (October 12):
https://www.openwall.com/lists/oss-security/2021/10/12/2

The issue is fixed upstream in 3.1.2 and 3.2.0.

Mageia 8 is also affected.
David Walser 2021-10-12 22:12:59 CEST

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 3.1.2

Comment 1 Marja Van Waes 2021-10-13 22:14:07 CEST
No registered maintainer, unfortunately

CC: (none) => marja11
Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Salguero 2021-10-14 09:42:54 CEST
Suggested advisory:
========================

The updated package fixes a security vulnerability:

Privilege escalation that allows an attacker to add or remove data in any database or make configuration changes. (CVE-2021-38295)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38295
https://www.openwall.com/lists/oss-security/2021/10/12/2
========================

Updated package in core/updates_testing:
========================
couchdb-3.1.2-1.mga8

from SRPM:
couchdb-3.1.2-1.mga8.src.rpm

CC: (none) => nicolas.salguero
Status comment: Fixed upstream in 3.1.2 => (none)
Version: Cauldron => 8
Status: NEW => ASSIGNED
Assignee: pkg-bugs => qa-bugs
Whiteboard: MGA8TOO => (none)
Source RPM: couchdb-3.1.1-2.mga9.src.rpm => couchdb-3.1.1-1.mga8.src.rpm
CVE: (none) => CVE-2021-38295

Comment 3 Herman Viaene 2021-10-18 10:46:48 CEST
MGA8-64 Plasma on Lenovo B50
No installation issues.
Looking for a way to test this, ref bug 14788 Comment 7, but that link is not valid anymore.
Tried CLI but got:
$ couchdb 
cat: /usr/bin/../releases/start_erl.data: file or folder does not exist
/usr/bin/couchdb: regel 47: /usr/bin/../erts-/bin/erlexec:file or folder does not exist
Googled and found https://www.unixmen.com/how-to-install-and-run-couchdb-in-ubuntu-linux-15-04/
but got
curl localhost:5984
curl: (7) Failed to connect to localhost port 5984: Connection refused
Opened port 5984 in firewall, nope
Switched off firewall completely: nope
Ping is OK, telnet localhost or telnet localhost 80 is OK (httpd is running) but

$ telnet localhost 5984
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
telnet: Unable to connect to remote host: Connection refused

Running out of ideas.

CC: (none) => herman.viaene

Comment 4 Herman Viaene 2021-10-18 11:00:40 CEST
Checked 
# systemctl status couchdb
● couchdb.service - CouchDB Server
     Loaded: loaded (/usr/lib/systemd/system/couchdb.service; disabled; vendor preset: disabled)
     Active: inactive (dead)
# systemctl start couchdb
# systemctl -l status couchdb
● couchdb.service - CouchDB Server
     Loaded: loaded (/usr/lib/systemd/system/couchdb.service; disabled; vendor preset: disabled)
     Active: failed (Result: exit-code) since Mon 2021-10-18 10:48:35 CEST; 39s ago
    Process: 13999 ExecStart=/usr/bin/erl +Bd -noinput -sasl errlog_type error +K true +A 4 -couch_ini /etc/couchdb/default.ini /etc/couchdb/local.ini -s couch -pidfile /var/run/couchdb/couchdb.pid -heart (code=e>
   Main PID: 13999 (code=exited, status=1/FAILURE)
        CPU: 229ms

okt 18 10:48:35 mach5.hviaene.thuis systemd[1]: couchdb.service: Scheduled restart job, restart counter is at 5.
okt 18 10:48:35 mach5.hviaene.thuis systemd[1]: Stopped CouchDB Server.
okt 18 10:48:35 mach5.hviaene.thuis systemd[1]: couchdb.service: Start request repeated too quickly.
okt 18 10:48:35 mach5.hviaene.thuis systemd[1]: couchdb.service: Failed with result 'exit-code'.
okt 18 10:48:35 mach5.hviaene.thuis systemd[1]: Failed to start CouchDB Server.

The referred site at the end states:
If service is not responding to port 5984 for any reason, try running "couchdb" command on the terminal, it should start it or at least show you error message with details of why it's failing.
As shown in Comment 3, something might be missing????
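Added example, not part of the bug report or of the couchdb package: a small POSIX shell check a tester can use to confirm that an instance reachable on the port probed in Comment 3 reports a version carrying the CVE-2021-38295 fix (3.1.2 or 3.2.0, per the advisory in the description). It assumes curl is installed and that CouchDB answers GET / with its usual welcome JSON; the sample document in the comments is constructed.

```shell
#!/bin/sh
# Added example, not from the bug report or the couchdb package: decide whether
# a CouchDB version carries the CVE-2021-38295 fix (3.1.2 on the 3.1 branch,
# 3.2.0 otherwise, per the advisory linked in the description).
FIXED_31="3.1.2"
FIXED_32="3.2.0"

# Extract the "version" field from CouchDB's GET / welcome document.
couchdb_version_from_json() {
    printf '%s' "$1" | sed -n 's/.*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Numeric dotted-version compare; prints -1, 0 or 1 (so 3.10.0 > 3.9.0).
version_cmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        k = (n > m) ? n : m
        for (i = 1; i <= k; i++) {
            ai = (i <= n) ? x[i] + 0 : 0; bi = (i <= m) ? y[i] + 0 : 0
            if (ai < bi) { print "-1"; exit }
            if (ai > bi) { print "1"; exit }
        }
        print "0"
    }'
}

# Exit status 0 when the version is fixed, 1 when it is still vulnerable.
couchdb_version_fixed() {
    case "$1" in
        3.1.*) [ "$(version_cmp "$1" "$FIXED_31")" -ge 0 ] ;;
        *)     [ "$(version_cmp "$1" "$FIXED_32")" -ge 0 ] ;;
    esac
}

# Live check on the port Comment 3 probes; assumes curl and a local instance.
# Constructed sample of the welcome document (the real one has more fields):
#   {"couchdb":"Welcome","version":"3.1.1"}
check_local_couchdb() {
    json=$(curl -s --max-time 3 http://localhost:5984/) || {
        echo "couchdb not reachable on localhost:5984"; return 2; }
    v=$(couchdb_version_from_json "$json")
    if couchdb_version_fixed "$v"; then
        echo "couchdb $v: CVE-2021-38295 fixed"
    else
        echo "couchdb $v: still vulnerable to CVE-2021-38295"; return 1
    fi
}
```

When the server cannot be reached, as on the tester's machine, check_local_couchdb returns 2 rather than reporting the package as fixed or vulnerable.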
Comment 5 Dave Hodgins 2021-11-22 22:12:10 CET
I gave up on the erlang problems.
Validating based on a clean install of the update over the prior version.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => davidwhodgins, sysadmin-bugs
Keywords: (none) => validated_update

Dave Hodgins 2021-11-25 05:24:56 CET

Keywords: (none) => advisory

Comment 6 Mageia Robot 2021-11-25 14:07:18 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0520.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED