file 5.37 is vulnerable to CVE-2019-18218

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

Tasklist

Attached to Project: Arch Linux
Opened by lily wilson (hotaru) - Friday, 08 November 2019, 21:35 GMT
Last edited by Levente Polyak (anthraxx) - Tuesday, 07 January 2020, 23:33 GMT

Task Type	Bug Report
Category	Packages: Core
Status	Closed
Assigned To	Levente Polyak (anthraxx)
Architecture	All
Severity	Critical
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	2 Joe Dillon (l4tt3) (2019-12-30) lily wilson (hotaru) (2019-11-09)
Private	No

Details

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218

no new version from upstream yet, but several other distributions have patched this.

This task depends upon

Closed by Levente Polyak (anthraxx)
Tuesday, 07 January 2020, 23:33 GMT
Reason for closing: Fixed
Additional comments about closing: 5.38-1 currently in [testing]

Comment by lily wilson (hotaru) - Saturday, 09 November 2019, 01:27 GMT

patch is available here: https://src.fedoraproject.org/rpms/file/blob/master/f/file-5.37-CVE-2019-18218.patch

Comment by deleted due to FS#64430 not being updated in due time (vV0RKY0O5c) - Friday, 20 December 2019, 07:57 GMT

^ 404, now here: https://src.fedoraproject.org/rpms/file/blob/ca6970603799c2c9f90582f3f96a32a59dd8a46b/f/file-5.37-CVE-2019-18218.patch
or just update to 5.38 which should have it in, as per: https://src.fedoraproject.org/rpms/file/c/005339db7c0b347a78aab597e97abb5c0f683736?branch=master

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Details

Loading...