Apache has issued an advisory on February 20: https://www.openwall.com/lists/oss-security/2023/02/20/2 The issue is fixed upstream in 1.5: https://commons.apache.org/proper/commons-fileupload/security-reports.html Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 1.5Whiteboard: (none) => MGA8TOO
Done for both mga8 and Cauldron!
CC: (none) => geiger.david68210
apache-commons-fileupload-1.4-3.1.mga8 apache-commons-fileupload-javadoc-1.4-3.1.mga8 from apache-commons-fileupload-1.4-3.1.mga8.src.rpm
Version: Cauldron => 8Assignee: java => qa-bugsWhiteboard: MGA8TOO => (none)Status comment: Fixed upstream in 1.5 => (none)
MGA8-64 MATE on Acer Aspire 5253 No installation issues. Ref bug 12653 finally agreed on OK on clean install. Nevertheless I started httpd and checked "It works" on localhost in Firefox. So good to go.
Whiteboard: (none) => MGA8-64-OKCC: (none) => herman.viaene
Validating.
CC: (none) => andrewsfarm
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0070.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED