Bug 31110

Summary: php-pear-CAS new security issue CVE-2022-39369
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: andrewsfarm, davidwhodgins, herman.viaene, mageia, sysadmin-bugs
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: php-pear-CAS-1.3.8-1.mga8.src.rpm CVE: CVE-2022-39369
Status comment:

Description David Walser 2022-11-11 19:04:48 CET 
Fedora has issued an advisory on November 10:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2XL7SMW6ESSP2Y6HHRYWW2MMCZSI4LBZ/

The issue is fixed upstream in 1.6.0.
David Walser 2022-11-11 19:05:47 CET

Status comment: (none) => Fixed upstream in 1.6.0

Marc Krämer 2022-11-16 00:38:55 CET

CVE: (none) => CVE-2022-39369

Comment 1 David Walser 2022-11-16 16:56:52 CET 
php-pear-CAS-1.6.0-1.mga8 uploaded for Mageia 8 by Marc.  Ready for QA?

Status comment: Fixed upstream in 1.6.0 => (none)

Comment 2 Marc Krämer 2022-11-16 16:58:01 CET 
yes, didn't have the time to write down the changes.
David Walser 2022-11-16 17:28:51 CET

CC: (none) => mageia
Assignee: mageia => qa-bugs

Comment 3 Marc Krämer 2022-11-16 22:44:28 CET 
Updated php-pear-CAS packages fix security vulnerabilities:

This update fixes a vulnerability in this lib. For details see [2].

References:
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39369
[2] https://github.com/advisories/GHSA-8q72-6qq8-xv64
[3] https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2XL7SMW6ESSP2Y6HHRYWW2MMCZSI4LBZ/
========================

Updated packages in core/updates_testing:
========================
php-pear-CAS-1.6.0-1.mga8.noarch.rpm

SRPM:
php-pear-CAS-1.6.0-1.mga8.src.rpm
Comment 4 Herman Viaene 2022-11-18 16:43:28 CET 
MGA8-64 MATE on Acer Aspire 5253
No installation issues
This is developer's realm, so as in bug 24367, OK on clean install.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK

Comment 5 Thomas Andrews 2022-11-18 17:59:27 CET 
Validating. Advisory information in comment 3.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2022-11-18 22:33:53 CET

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 6 Mageia Robot 2022-11-18 23:52:07 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0432.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED