Advisories » MGASA-2020-0354

Updated fossil package fixes security vulnerability

Publication date: 30 Aug 2020
Modification date: 30 Aug 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-24614

Description

Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows
remote authenticated users to execute arbitrary code. An attacker must have
check-in privileges on the repository (CVE-2020-24614).

The fossil package has been updated to version 2.10.2, containing fixes for
this issue, fixes for other bugs and security issues, and additional
enhancements.  See the changes list for details.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=27153
• https://www.openwall.com/lists/oss-security/2020/08/25/1
• https://fossil-scm.org/fossil/doc/trunk/www/changes.wiki
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24614

SRPMS

7/core

• fossil-2.10.2-1.mga7