Bug 30036 - rlwrap possible new security issue fixed upstream in 0.45.2
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2022-02-11 22:03 CET by David Walser
Modified: 2022-02-18 01:15 CET

See Also:
Source RPM: rlwrap-0.43-4.mga8.src.rpm
CVE:
Status comment:


Description David Walser 2022-02-11 22:03:51 CET
Fedora has issued an advisory today (February 11):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/75IFRDJ4JMJTPQCPYVWJMIZTEJ6I367Y/

It's not clear what the security issue is, but the release notes are here:
https://github.com/hanslub42/rlwrap/releases
Comment 1 Lewis Smith 2022-02-12 19:25:10 CET
This little visited SRPM has no registered nor evident maintainer, so having to assign this update globally.

Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Salguero 2022-02-15 13:57:02 CET
Suggested advisory:
========================

The updated package fixes a possible security vulnerability.

References:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/75IFRDJ4JMJTPQCPYVWJMIZTEJ6I367Y/
https://github.com/hanslub42/rlwrap/releases
========================

Updated package in core/updates_testing:
========================
rlwrap-0.45.2-1.mga8

from SRPM:
rlwrap-0.45.2-1.mga8.src.rpm

Assignee: pkg-bugs => qa-bugs
CC: (none) => nicolas.salguero
Status: NEW => ASSIGNED
Version: Cauldron => 8

Comment 3 Herman Viaene 2022-02-17 11:00:37 CET
MGA8-64 Plasma on Lenovo B50 in Dutch
No installation issues.
No previous updates, so started googling. From what I read this seems to be a tool used in programming, but I couldn't make any sense of the examples I found (often referring to some programming task).
Leaving for someone else with a better background than me, unless this can be OK'ed on clean install???

CC: (none) => herman.viaene

Comment 4 Len Lawrence 2022-02-17 13:29:28 CET
I just had a look at this Herman.  Looks like it is a way to use readline, which seems to be a function common to many programming languages and can be used at the cli via rlwrap.  Could not make enough sense of the man pages after more than an hour's reading to actually run it in any simple fashion so gave up for the time being.

My inclination is to say send it on.

CC: (none) => tarazed25

Herman Viaene 2022-02-17 13:33:23 CET

Whiteboard: (none) => MGA8-64-OK

Comment 5 Thomas Andrews 2022-02-17 21:54:00 CET
Thanks for the effort, guys.

Validating. Advisory in Comment 2

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2022-02-18 00:17:03 CET

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 6 Mageia Robot 2022-02-18 01:15:33 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0069.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

