29676 – accountsservice new security issue CVE-2021-3939

Bug 29676 - accountsservice new security issue CVE-2021-3939

Summary: accountsservice new security issue CVE-2021-3939

Status:	RESOLVED INVALID

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: critical
Target Milestone:	---
Assignee:	Mageia Bug Squad
QA Contact:	Sec team

URL:
Whiteboard:	MGA8TOO
Keywords:

Depends on:
Blocks:

Reported:	2021-11-19 18:57 CET by David Walser
Modified:	2021-11-20 14:37 CET (History)
CC List:	2 users (show)

See Also:
Source RPM:	accountsservice-0.6.55-2.mga8.src.rpm
CVE:
Status comment:	Patch available from Ubuntu

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2021-11-19 18:57:07 CET

Ubuntu has issued an advisory on November 16:
https://ubuntu.com/security/notices/USN-5149-1

Mageia 8 is also affected.

David Walser 2021-11-19 18:57:25 CET

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Patch available from Ubuntu

Comment 1 Nicolas Salguero 2021-11-20 13:27:55 CET

Hi,

CVE-2021-3939 only affects Ubuntu because it was caused by the patch debian/patches/0010-set-language.patch.

Best regards,

Nico.

CC: (none) => nicolas.salguero

Comment 2 Marja Van Waes 2021-11-20 14:37:19 CET

(In reply to Nicolas Salguero from comment #1)
> Hi,
> 
> CVE-2021-3939 only affects Ubuntu because it was caused by the patch
> debian/patches/0010-set-language.patch.
> 
> Best regards,
> 
> Nico.

Thanks Nico, so closing.

CC: (none) => marja11
Status: NEW => RESOLVED
Resolution: (none) => INVALID

Note You need to log in before you can comment on or make changes to this bug.