Bug 30707

Summary: qpdf new security issue CVE-2021-36978 and CVE-2022-34503
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Thierry Vignaud <thierry.vignaud>
Status: RESOLVED INVALID QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: marja11, nicolas.salguero
Version: 8   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: qpdf-10.1.0-1.mga8.src.rpm CVE:
Status comment:

Description David Walser 2022-08-04 19:11:54 CEST 
SUSE has issued an advisory today (August 4):
https://lists.suse.com/pipermail/sle-security-updates/2022-August/011797.html
Comment 2 Marja Van Waes 2022-08-05 14:44:06 CEST 
Assigning to our registered qpdf maintainer

CC: (none) => marja11
Assignee: bugsquad => thierry.vignaud

Comment 3 Nicolas Salguero 2022-10-19 14:14:41 CEST 
Hi,

According to Debian, CVE-2021-36978 was fixed in version 10.1.0 and CVE-2022-34503 was fixed in 9.0.0 so Mageia 8 should not be affected.

Best regards,

Nico.

CC: (none) => nicolas.salguero

Comment 4 David Walser 2022-10-19 14:46:39 CEST 
Thanks.

Status: NEW => RESOLVED
Resolution: (none) => INVALID