Bug 31228 - apache-commons-net new security issue CVE-2021-37533
Summary: apache-commons-net new security issue CVE-2021-37533
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Java Stack Maintainers
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-12-06 17:14 CET by David Walser
Modified: 2024-01-12 10:32 CET (History)
2 users (show)

See Also:
Source RPM: apache-commons-net-3.8.0-1.mga9.src.rpm
CVE:
Status comment: Fixed upstream in 3.9.0

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2022-12-06 17:14:00 CET 
Apache has issued an advisory on December 3:
https://www.openwall.com/lists/oss-security/2022/12/03/1

The issue is fixed upstream in 3.9.0.

Mageia 8 is also affected.
David Walser 2022-12-06 17:14:17 CET

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 3.9.0

Comment 1 David Walser 2022-12-30 19:50:05 CET 
Debian has issued an advisory for this on December 29:
https://www.debian.org/security/2022/dsa-5307
Comment 2 David Walser 2023-05-06 22:56:32 CEST 
Ubuntu has issued an advisory for this on April 28:
https://ubuntu.com/security/notices/USN-6037-1
Comment 3 David GEIGER 2023-07-01 09:04:54 CEST 
Patch added for cauldron!

CC: (none) => geiger.david68210

Comment 4 David GEIGER 2023-07-02 18:25:46 CEST 
Packages moved to Core/Release for cauldron!

Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)

Comment 5 Nicolas Salguero 2024-01-12 10:32:47 CET 
Mageia 8 EOL

Resolution: (none) => OLD
CC: (none) => nicolas.salguero
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.