| Summary: | yajl, mongo-c-driver new security issue CVE-2022-24795 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | papoteur <yvesbrungard> |
| Status: | RESOLVED OLD | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | guillomovitch, nicolas.salguero, yvesbrungard |
| Version: | 8 | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | yajl-2.1.0-3.mga8.src.rpm, mongo-c-driver-1.17.3-1.mga8.src.rpm | CVE: | |
| Status comment: | yajl patched, mongo-c-driver still needs to be patched | ||
| Bug Depends on: | 32072 | ||
| Bug Blocks: | |||
|
Description
David Walser
2022-05-19 18:52:21 CEST
David Walser
2022-05-19 18:52:55 CEST
Whiteboard:
(none) =>
MGA8TOO yajl is a homeless package, so assigning this update globally for that. mongo-c-driver is done by Guillaume, so CC'ing you for that. But you might perhaps also do the yajl part?. CC:
(none) =>
guillomovitch For yajl, cauldron is updated. In mageia 8, there is now: lib64yajl2-2.1.0-4.mga8 yajl-2.1.0-4.mga8 lib64yajl-devel-2.1.0-4.mga8 From the source: yajl-2.1.0-4.mga8.src.rpm Assignee:
pkg-bugs =>
qa-bugs I see that mongo-c-driver is updated to 1.21.2 in cauldron but has not been touched in Mageia 8 Assigning back to papoteur, as mongo-c-driver has not been fixed yet. Status comment:
(none) =>
yajl patched, mongo-c-driver still needs to be patched RedHat has issued an advisory for this today (November 8): https://access.redhat.com/errata/RHSA-2022:7524
David Walser
2023-07-05 22:52:01 CEST
Depends on:
(none) =>
32072 Mageia 8 EOL Resolution:
(none) =>
OLD |