Bug 1499310 - CVE-2017-14529 CVE-2017-14729 CVE-2017-14745 CVE-2017-14930 CVE-2017-14932 CVE-2017-14933 CVE-2017-14934 CVE-2017-14938 CVE-2017-14939 CVE-2017-14940 CVE-2017-14974 CVE-2017-15020 CVE-2017-15021 CVE-2017-15022 ... mingw-binutils: various flaws [epel-all]
Summary: CVE-2017-14529 CVE-2017-14729 CVE-2017-14745 CVE-2017-14930 CVE-2017-14932 CV...
Keywords:
Status: CLOSED EOL
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: mingw-binutils
Version: epel7
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: ---
Assignee: Nobody's working on this, feel free to take it
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: CVE-2017-14529 CVE-2017-14729 CVE-2017-14745 CVE-2017-14930 CVE-2017-14932 CVE-2017-14933 CVE-2017-14934 CVE-2017-14938 CVE-2017-14939 CVE-2017-14940 CVE-2017-14974 CVE-2017-15020 CVE-2017-15023 CVE-2017-15025 CVE-2017-15022 CVE-2017-15021 CVE-2017-15024 CVE-2017-15225 CVE-2017-15939 CVE-2017-15938 CVE-2017-15996 CVE-2017-16826 CVE-2017-16827 CVE-2017-16828 CVE-2017-16829 CVE-2017-16830 CVE-2017-16831 CVE-2017-16832 CVE-2017-17080 CVE-2017-17126 CVE-2017-17121 CVE-2017-17122 CVE-2017-17123 CVE-2017-17124 CVE-2017-17125
TreeView+ depends on / blocked
 
Reported: 2017-10-06 17:52 UTC by Pedro Sampaio
Modified: 2020-02-13 11:27 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Release Note
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-02-13 11:27:49 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Pedro Sampaio 2017-10-06 17:52:14 UTC
This is an automatically created tracking bug!  It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.

For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.

For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs

When submitting as an update, use the fedpkg template provided in the next
comment(s).  This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.

Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.

NOTE: this issue affects multiple supported versions of Fedora EPEL. While
only one tracking bug has been filed, please correct all affected versions
at the same time.  If you need to fix the versions independent of each
other, you may clone this bug as appropriate.

Comment 1 Pedro Sampaio 2017-10-06 17:52:19 UTC
Use the following template to for the 'fedpkg update' request to submit an
update for this issue as it contains the top-level parent bug(s) as well as
this tracking bug.  This will ensure that all associated bugs get updated
when new packages are pushed to stable.

=====

# bugfix, security, enhancement, newpackage (required)
type=security

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=1499309,1499310

# Description of your update
notes=Security fix for [PUT CVEs HERE]

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

======

Additionally, you may opt to use the bodhi web interface to submit updates:

https://bodhi.fedoraproject.org/updates/new

Comment 2 Andrej Nemec 2017-10-10 09:01:54 UTC
Added new parent flaw bugs 1500233 (CVE-2017-14729) to this tracking bug.

Comment 3 Andrej Nemec 2017-10-10 09:27:47 UTC
Added new parent flaw bugs 1500245 (CVE-2017-14745) to this tracking bug.

Comment 4 Andrej Nemec 2017-10-10 12:00:14 UTC
Added new parent flaw bug 1500327 (CVE-2017-14930), 1500330 (CVE-2017-14932), 1500331 (CVE-2017-14933), 1500332 (CVE-2017-14934) to this tracking bug.

Comment 5 Andrej Nemec 2017-10-10 12:22:25 UTC
Added new parent flaw bug 1500339 (CVE-2017-14938), 1500340 (CVE-2017-14939), 1500341 (CVE-2017-14940) to this tracking bug.

Comment 6 Andrej Nemec 2017-10-10 12:24:52 UTC
Added new parent flaw bugs 1500342 (CVE-2017-14974) to this tracking bug.

Comment 7 Andrej Nemec 2017-10-10 13:16:00 UTC
Added new parent flaw bug 1500372 (CVE-2017-15020), 1500374 (CVE-2017-15023), 1500375 (CVE-2017-15025), 1500376 (CVE-2017-15022), 1500377 (CVE-2017-15021), 1500378 (CVE-2017-15024) to this tracking bug.

Comment 8 Andrej Nemec 2017-10-11 10:34:29 UTC
Added new parent flaw bugs 1500679 (CVE-2017-15225) to this tracking bug.

Comment 9 Andrej Nemec 2017-11-07 09:18:29 UTC
Added new parent flaw bugs 1510338 (CVE-2017-15939) to this tracking bug.

Comment 10 Andrej Nemec 2017-11-21 09:34:16 UTC
Added new parent flaw bugs 1515721 (CVE-2017-15938) to this tracking bug.

Comment 11 Andrej Nemec 2017-11-21 09:55:11 UTC
Added new parent flaw bugs 1515742 (CVE-2017-15996) to this tracking bug.

Comment 12 Andrej Nemec 2017-11-29 09:40:02 UTC
Added new parent flaw bug 1518589 (CVE-2017-16826), 1518590 (CVE-2017-16827), 1518591 (CVE-2017-16828), 1518592 (CVE-2017-16829), 1518594 (CVE-2017-16830), 1518595 (CVE-2017-16831), 1518596 (CVE-2017-16832) to this tracking bug.

Comment 13 Andrej Nemec 2017-12-11 15:21:54 UTC
Added new parent flaw bugs 1524478 (CVE-2017-17080) to this tracking bug.

Comment 14 Andrej Nemec 2017-12-11 15:48:14 UTC
Added new parent flaw bugs 1524498 (CVE-2017-17126) to this tracking bug.

Comment 15 Andrej Nemec 2017-12-11 15:57:13 UTC
Added new parent flaw bug 1524501 (CVE-2017-17121), 1524505 (CVE-2017-17122), 1524509 (CVE-2017-17123), 1524510 (CVE-2017-17124), 1524511 (CVE-2017-17125) to this tracking bug.

Comment 16 Robbie Harwood 2020-01-24 21:22:52 UTC
Hi, was this ever fixed?

Comment 17 Kalev Lember 2020-01-29 12:47:34 UTC
We don't have anyone working on EPEL 7 MinGW packaging. epienbro did the initial import and picked up EPEL maintainership years ago, but since then we lost the ability to have different maintainers for Fedora and EPEL branches after the switch from pkgdb to Pagure.

Re-assigning to nobody.

Comment 18 Richard W.M. Jones 2020-02-13 11:27:49 UTC
All mingw-* EPEL 7 components have been retired.  Please see:

https://pagure.io/fesco/issue/2333

Therefore this bug no longer applies and is being mass closed.


Note You need to log in before you can comment on or make changes to this bug.