MGASA-2020-0403 - Updated junit packages fix a security vulnerability

Publication date: 08 Nov 2020
URL: https://advisories.mageia.org/MGASA-2020-0403.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-15250

It was discovered that junit contained a local information disclosure
vulnerability. On Unix like systems, the system's temporary directory is
shared between all users on that system. Because of this, when files and
directories are written into this directory they are, by default, readable by
other users on that same system. This vulnerability does not allow other users
to overwrite the contents of these directories or files. This is purely an
information disclosure vulnerability (CVE-2020-15250).

References:
- https://bugs.mageia.org/show_bug.cgi?id=27555
- https://www.debian.org/lts/security/2020/dla-2426
- https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15250

SRPMS:
- 7/core/junit-4.12-7.1.mga7