Bug 29484

Summary: edk2 new security issue CVE-2021-38575
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Nicolas Lécureuil <mageia>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: nicolas.salguero
Version: 8   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: edk2-20210527gite1999b264f1f-2.mga9.src.rpm CVE:
Status comment: Fixed upstream in 202108

Description David Walser 2021-09-23 16:28:26 CEST 
Ubuntu has issued an advisory today (September 23):
https://ubuntu.com/security/notices/USN-5088-1

The issue is fixed upstream in 202108:
https://github.com/tianocore/edk2/releases/tag/edk2-stable202108

Mageia 8 is also affected.
David Walser 2021-09-23 16:28:53 CEST

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 202108

Comment 1 David Walser 2023-02-16 21:19:06 CET 
Fedora has issued an advisory today (February 16):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VO363SLUAI4JBSF2WZ7XHBERODKZP47B/

It fixes issues in the bundled openssl.
Comment 2 David Walser 2023-05-18 18:09:34 CEST 
(In reply to David Walser from comment #1)
> Fedora has issued an advisory today (February 16):
> https://lists.fedoraproject.org/archives/list/package-announce@lists.
> fedoraproject.org/thread/VO363SLUAI4JBSF2WZ7XHBERODKZP47B/
> 
> It fixes issues in the bundled openssl.

RedHat has issued an advisory for this on May 16:
https://access.redhat.com/errata/RHSA-2023:2932
Comment 3 Nicolas Salguero 2024-03-13 14:02:56 CET 
Mageia 8 EOL.

Whiteboard: MGA8TOO => (none)
CC: (none) => nicolas.salguero
Version: Cauldron => 8
Status: NEW => RESOLVED
Resolution: (none) => OLD