Bug 30424

Summary: sdl2_ttf new security issue CVE-2022-27470
Product: Mageia Reporter: David Walser <luigiwalser>
Component: Security Assignee: Rémi Verschelde <rverschelde>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: geiger.david68210, marja11, nicolas.salguero
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: sdl2_ttf-2.0.18-2.mga9.src.rpm CVE:
Status comment: Patch available from Fedora and upstream

Description David Walser 2022-05-13 22:49:16 CEST
Fedora has issued an advisory on May 12:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XPYTEBBNHCDGPVFACC5RC5K2FZUCYTPZ/

Mageia 8 is also affected.
David Walser 2022-05-13 22:49:28 CEST

Status comment: (none) => Patch available from Fedora and upstream
Whiteboard: (none) => MGA8TOO

Comment 1 Marja Van Waes 2022-05-17 13:09:59 CEST
Assigning to the registered sdl2_ttf maintainer

Assignee: bugsquad => rverschelde
CC: (none) => marja11

Comment 2 Nicolas Salguero 2023-03-13 15:56:48 CET
Hi,

For Cauldron, sdl2_ttf-2.20.2-1.mga9 should solve that issue.

According to https://security-tracker.debian.org/tracker/CVE-2022-27470, Mageia 8 should not be affected by that issue.

Best regards,

Nico.

CC: (none) => nicolas.salguero

Comment 3 David Walser 2023-03-13 16:23:38 CET
From what I'm seeing, Mageia 8 is affected.

Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8

Comment 4 David GEIGER 2023-03-14 19:53:24 CET
From https://security-tracker.debian.org/tracker/CVE-2022-27470

Debian says it was introduced in commit:

https://github.com/libsdl-org/SDL_ttf/commit/31589bd7316d946d2eb122afaed68bc9b9b0fceb


So this issue, committed on 2019-01-31, appears after our current 2.0.15, released on 2019-01-05:

https://github.com/libsdl-org/SDL_ttf/releases/tag/release-2.0.15

CC: (none) => geiger.david68210

Comment 5 David Walser 2023-03-15 01:55:43 CET
OK.  Thanks.

Version: 8 => Cauldron
Status: NEW => RESOLVED
Resolution: (none) => FIXED