Bug 30341

Summary: maven-shared-utils new security issue CVE-2022-29599
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Java Stack Maintainers <java>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: geiger.david68210, nicolas.salguero
Version: 8   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: maven-shared-utils-3.2.1-0.7.mga8.src.rpm CVE:
Status comment: Fixed upstream in 3.3.3

Description David Walser 2022-04-26 17:09:52 CEST 
RedHat has issued an advisory today (April 26):
https://access.redhat.com/errata/RHSA-2022:1541

The issue is fixed upstream in 3.3.3.

Mageia 8 is also affected.
David Walser 2022-04-26 17:10:01 CEST

Status comment: (none) => Fixed upstream in 3.3.3
Whiteboard: (none) => MGA8TOO

Comment 2 David Walser 2022-06-30 19:48:34 CEST 
Debian-LTS has issued an advisory for this on June 29:
https://www.debian.org/lts/security/2022/dla-3059
Comment 3 David Walser 2022-08-29 23:52:13 CEST 
Debian-LTS has issued another advisory for this today (August 29):
https://www.debian.org/lts/security/2022/dla-3086
Comment 4 David Walser 2022-09-29 14:14:39 CEST 
Debian has issued an advisory for this on September 28:
https://www.debian.org/security/2022/dsa-5242
Comment 5 David GEIGER 2023-07-01 16:48:53 CEST 
fixed for cauldron with 3.3.4 release!

Status comment: Fixed upstream in 3.3.3 => (none)
CC: (none) => geiger.david68210
Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8

David Walser 2023-07-01 18:36:21 CEST

Status comment: (none) => Fixed upstream in 3.3.3

Comment 6 Nicolas Salguero 2024-01-12 09:49:26 CET 
Mageia 8 EOL

Status: NEW => RESOLVED
CC: (none) => nicolas.salguero
Resolution: (none) => OLD