Bug 148865 - CAN-2004-1004 multiple issues with mc (CAN-2004-1005 & CAN-2004-1176)
CAN-2004-1004 multiple issues with mc (CAN-2004-1005 & CAN-2004-1176)
Status: CLOSED DUPLICATE of bug 152889
Product: Fedora Legacy
Classification: Retired
Component: mc (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
: Security
Depends On:
  Show dependency treegraph
Reported: 2005-02-16 09:20 EST by Josh Bressers
Modified: 2007-04-18 13:19 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-07-13 08:08:19 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Josh Bressers 2005-02-16 09:20:06 EST
*** This bug has been split off bug 148864 ***

------- Original comment by Josh Bressers (Security Response Team) on 2005.02.16
09:15 -------

Two issues with mc have been reported to the Debian BTS.  You can find more
information here:
Comment 1 Josh Bressers 2005-02-16 09:20:59 EST
This issue should also affect FC2.
Comment 2 Jindrich Novy 2005-02-18 05:08:40 EST
FC3, devel packages are unaffected.

The FC2 version needs to be patched.
Comment 3 Leonard den Ottolander 2005-02-22 18:38:13 EST
Don't forget CAN-2004-1176.
Comment 4 Jindrich Novy 2005-03-01 03:56:15 EST
Josh, do you have any objections to release the FC2 update with the newer
mc-4.6.1-pre3? This version is not vulnerable to all noted CANs. I did basic 
testing under FC2 and it works fine. (I did FC3 update with the same mc 
version recently and have no bugreports since that time related to security or 
other issues)
Comment 5 Jindrich Novy 2005-03-17 09:27:14 EST
testing update of mc-4.6.1-pre3 is now signed and pushed.
Comment 6 Matthew Miller 2005-04-11 23:32:35 EDT
This doesn't ever appear to have been pushed from testing, and FC2 is now in the
hands of Fedora Legacy.
Comment 7 Matthew Miller 2005-04-12 00:12:38 EDT
*** Bug 127973 has been marked as a duplicate of this bug. ***
Comment 8 Jindrich Novy 2005-04-12 08:27:35 EDT
Yes, it's still in testing. I'll contact Bill if it's possible to move it to final.
Comment 9 Matthew Miller 2005-04-12 09:37:25 EDT
Are there any known issues with the in-testing package? Thanks!
Comment 10 Leonard den Ottolander 2005-04-12 18:35:04 EDT
No issues since pre2 I believe. These issues only affect plain 4.6.0 and before.

Like bug 127973 (which is *not* a dup of this bug) this issue can be closed
ERRATA afaict.
Comment 11 Matthew Miller 2005-04-12 18:45:05 EDT
Reopening, because, like bug #127973, the errata hasn't actually been released.
Comment 12 Leonard den Ottolander 2005-04-12 18:52:02 EDT
Hi Matt. Just collisioned as I was doing the exact same thing ;-) . See bug
127973. <g>
Comment 13 Matthew Miller 2005-04-12 18:58:01 EDT
Hmmm, must be time for me to go get some supper. :)
Comment 14 Marc Deslauriers 2005-07-12 19:32:26 EDT
Packages were pushed to updates-testing.
Comment 15 Pekka Savola 2005-07-13 01:11:28 EDT
I'd suggest this bug be closed, and tracking continued in #152889 ?
Comment 16 Marc Deslauriers 2005-07-13 08:08:19 EDT
Good idea.

*** This bug has been marked as a duplicate of 152889 ***

Note You need to log in before you can comment on or make changes to this bug.