Bug 30988

Summary: firefox missing fix for CVE-2022-40674 in bundled expat
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: normal
Priority: Normal
CC: andrewsfarm, davidwhodgins, fri, nicolas.salguero, sysadmin-bugs
Version: 8
Keywords: advisory, validated_update
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: MGA8-64-OK
Source RPM: firefox
CVE:
Status comment:

Description David Walser 2022-10-19 17:32:05 CEST
Red Hat has issued an advisory on October 18:
https://access.redhat.com/errata/RHSA-2022:7024

Patch included in firefox-102.4.0-1.1.mga8.

It also includes a webrtc fix patch, which may fix the issue with BigBlueButton (whatever that is) that was mentioned when we started testing the 102.x series.

Patched package is building and should be available later today.

Comment 1 Nicolas Salguero 2022-10-20 09:15:06 CEST
Hi,

After some tests, I can now say that the webrtc fix patch really solves the issue with BigBlueButton.

Many thanks,

Nico.

CC: (none) => nicolas.salguero

Comment 2 Morgan Leijström 2022-10-23 22:44:08 CEST
mga8-64, Plasma: short test OK, continue using.
Clean update
Swedish locale
settings and open tabs kept
Surfing, video, bank logins...

CC: (none) => fri

Comment 3 Thomas Andrews 2022-10-24 17:47:11 CEST
MGA8-64 Plasma, US English, no issues here.

CC: (none) => andrewsfarm

Comment 4 Dave Hodgins 2022-10-26 19:25:55 CEST
No regressions noticed. Validating the update

Whiteboard: (none) => MGA8-64-OK
CC: (none) => davidwhodgins, sysadmin-bugs
Keywords: (none) => validated_update

Dave Hodgins 2022-10-28 04:04:27 CEST

Keywords: (none) => advisory

Comment 5 Mageia Robot 2022-10-28 08:55:54 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0399.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED