Bug 29892

Summary:	zstd possible new security issue rhbz#2039353
Product:	Mageia	Reporter:	David Walser <luigiwalser>
Component:	Security	Assignee:	Thierry Vignaud <thierry.vignaud>
Status:	RESOLVED FIXED	QA Contact:	Sec team <security>
Severity:	normal
Priority:	Normal
Version:	Cauldron
Target Milestone:	---
Hardware:	All
OS:	Linux
Whiteboard:
Source RPM:	zstd-1.5.1-1.mga9.src.rpm	CVE:
Status comment:

Description David Walser 2022-01-15 01:02:01 CET

Fedora has issued an advisory today (January 14):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/53BF22JXPBPK47P2MXJOCQY7ZQ42JNJ4/

Referring to the following bug and commit:
https://bugzilla.redhat.com/show_bug.cgi?id=2039353
https://src.fedoraproject.org/rpms/zstd/c/43bd23e45a39f0e025042aa03dda73ff1a48ce52?branch=rawhide

Comment 1 Lewis Smith 2022-01-15 20:54:49 CET

Officially for akien, but tv is the principle maintainer.

Assignee: bugsquad => thierry.vignaud

Kathy Barrera 2023-06-01 09:35:18 CEST

CC: (none) => herringburdensome

David Walser 2023-06-03 18:57:38 CEST

CC: herringburdensome => (none)

Comment 3 Thomas Backlund 2023-06-27 20:16:35 CEST

The CET hardening is included in zstd 1.5.5 we have in Cauldron

Status: NEW => RESOLVED
Resolution: (none) => FIXED