Apache has issued advisories on November 4: https://www.openwall.com/lists/oss-security/2022/11/04/2 https://www.openwall.com/lists/oss-security/2022/11/04/3 The issues are fixed upstream in 2.5.1. Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOOStatus comment: (none) => Fixed upstream in 2.5.1
patch added for both mga8 and cauldron! Packages in 9/Core/Updates_testing: ====================== apache-ivy-javadoc-2.5.0-4.mga9.noarch.rpm apache-ivy-2.5.0-4.mga9.noarch.rpm Packages in 8/Core/Updates_testing: ====================== apache-ivy-2.5.0-1.1.mga8.noarch.rpm apache-ivy-javadoc-2.5.0-1.1.mga8.noarch.rpm From SRPMS: apache-ivy-2.5.0-4.mga9.src.rpm apache-ivy-2.5.0-1.1.mga8.src.rpm
Assignee: java => qa-bugsCC: (none) => geiger.david68210Status comment: Fixed upstream in 2.5.1 => (none)
apache-ivy moved in Core/Release for cauldron, so fixed for it!
Version: Cauldron => 8Whiteboard: MGA8TOO => (none)
MGA8-64 MATE on Acer Aspire 5253 No installation issues. Developer's stuff, does not harm anything else (httpd starts, localhost 'It works').
CC: (none) => herman.viaeneWhiteboard: (none) => MGA8-64-OK
It doesn't have anything to do with httpd, but clean install/update is fine.
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0216.html
Status: NEW => RESOLVEDResolution: (none) => FIXED