Bug 6742 - jruby new security issues CVE-2011-4838 and CVE-2012-5370
Summary: jruby new security issues CVE-2011-4838 and CVE-2012-5370
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 2
Hardware: i586 Linux
Priority: Normal major
Target Milestone: ---
Assignee: Rémy CLOUARD (shikamaru)
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/506206/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-07-11 00:48 CEST by David Walser
Modified: 2013-11-22 15:53 CET

See Also:
Source RPM: jruby-1.4.0-3.mga2.src.rpm
CVE:
Status comment:



Description David Walser 2012-07-11 00:48:11 CEST
Gentoo has issued an advisory on July 9:
http://www.gentoo.org/security/en/glsa/glsa-201207-06.xml

This issue is fixed upstream in 1.6.5.1.

Mageia 2 is also affected.
David Walser 2012-07-11 00:49:16 CEST

CC: (none) => dmorganec
Whiteboard: (none) => MGA2TOO

Comment 1 Rémy CLOUARD (shikamaru) 2012-12-07 22:34:41 CET
Also taking that one, thanks for the report.

Regards,

Status: NEW => ASSIGNED
CC: (none) => shikamaru
Assignee: bugsquad => shikamaru

Comment 2 David Walser 2012-12-21 17:20:30 CET
Red Hat has issued an advisory today (December 21):
https://rhn.redhat.com/errata/RHSA-2012-1604.html

This adds a new CVE for JRuby, CVE-2012-5370, fixed upstream in 1.7.1.

from http://lwn.net/Vulnerabilities/530373/

Summary: jruby new security issue CVE-2011-4838 => jruby new security issues CVE-2011-4838 and CVE-2012-5370

David Walser 2012-12-21 17:24:12 CET

Severity: normal => major

David Walser 2013-02-13 20:26:24 CET

CC: (none) => fundawang

Comment 3 David Walser 2013-02-23 16:56:35 CET
Package removed from Cauldron.  Changing version assignment to Mageia 2 only.

Version: Cauldron => 2
Whiteboard: MGA2TOO => (none)

Comment 4 David Walser 2013-11-22 15:53:56 CET
Closing this now due to Mageia 2 EOL.

http://blog.mageia.org/en/2013/11/21/farewell-mageia-2/

Status: ASSIGNED => RESOLVED
Resolution: (none) => OLD
QA Contact: (none) => security

