advisories/27153.adv

type: security
subject: Updated fossil package fixes security vulnerability
CVE:
 - CVE-2020-24614
src:
  7:
   core:
     - fossil-2.10.2-1.mga7
description: |
  Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows
  remote authenticated users to execute arbitrary code. An attacker must have
  check-in privileges on the repository (CVE-2020-24614).
  
  The fossil package has been updated to version 2.10.2, containing fixes for
  this issue, fixes for other bugs and security issues, and additional
  enhancements.  See the changes list for details.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=27153
 - https://www.openwall.com/lists/oss-security/2020/08/25/1
 - https://fossil-scm.org/fossil/doc/trunk/www/changes.wiki
ID: MGASA-2020-0354
1	type: security
2	subject: Updated fossil package fixes security vulnerability
3	CVE:
4	- CVE-2020-24614
5	src:
6	7:
7	core:
8	- fossil-2.10.2-1.mga7
9	description: \|
10	Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows
11	remote authenticated users to execute arbitrary code. An attacker must have
12	check-in privileges on the repository (CVE-2020-24614).
13
14	The fossil package has been updated to version 2.10.2, containing fixes for
15	this issue, fixes for other bugs and security issues, and additional
16	enhancements. See the changes list for details.
17	references:
18	- https://bugs.mageia.org/show_bug.cgi?id=27153
19	- https://www.openwall.com/lists/oss-security/2020/08/25/1
20	- https://fossil-scm.org/fossil/doc/trunk/www/changes.wiki
21	ID: MGASA-2020-0354