Bug 30869

Summary: libdwarf new security issue CVE-2022-39170
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Thierry Vignaud <thierry.vignaud>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: marja11, nicolas.salguero
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: libdwarf-0.4.1-1.mga9.src.rpm CVE:
Status comment: Fixed upstream in 0.4.2

Description David Walser 2022-09-19 21:12:39 CEST 
Fedora has issued an advisory on September 18:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IKUE4XT62AEZ3H5D6GMREYOSCMMRFXBH/

The issue is fixed upstream in 0.4.2.

Mageia 8 may also be affected.
David Walser 2022-09-19 21:12:54 CEST

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 0.4.2

Comment 1 Marja Van Waes 2022-09-19 21:47:06 CEST 
Assigning to the registered maintainer of libdwarf

Assignee: bugsquad => thierry.vignaud
CC: (none) => marja11

Comment 2 Nicolas Salguero 2022-10-19 12:24:27 CEST 
Hi,

According to Debian (https://security-tracker.debian.org/tracker/CVE-2022-39170), version 20201201 is not affected so only Cauldron was affected.

tv already updated Cauldron to 0.4.2.

Best regards,

Nico.

Whiteboard: MGA8TOO => (none)
CC: (none) => nicolas.salguero

Comment 3 Nicolas Salguero 2022-10-19 12:24:54 CEST 
Oops, I forgot to close the bug.

Status: NEW => RESOLVED
Resolution: (none) => FIXED