Bug 31231

Summary: libxml2 new security issue CVE-2022-2309
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: David Walser <luigiwalser>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: lewyssmith
Version: 8   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: libxml2-2.9.10-7.6.mga8.src.rpm CVE:
Status comment:
Bug Depends on: 31810    
Bug Blocks:    

Description David Walser 2022-12-06 17:55:00 CET 
Ubuntu has issued an advisory on December 5:
https://ubuntu.com/security/notices/USN-5760-1

We already fixed the issue in python-lxml in Bug 30772, so I don't think pushing an update for libxml2 is necessary at this time, but I have committed the patch in Mageia 8 SVN.  It can go out with any subsequent libxml2 update in the future.
Comment 1 Lewis Smith 2022-12-06 20:06:18 CET 
Thanks for your pre-emptive work.
So can we close this?

CC: (none) => lewyssmith

Comment 2 David Walser 2022-12-06 20:36:14 CET 
No, as the update isn't pushed.  I'll just leave this bug open until there's a need to push an update for another libxml2 issue.
Comment 3 Lewis Smith 2022-12-06 20:49:35 CET 
Assign to ? I do not like leaving things hanging about with Bugsquad, but if you so wish, so be it.
Comment 4 David Walser 2022-12-06 21:01:06 CET 
I guess I'll take it for now and assign it to pkg-bugs when something else needs to be done.

Assignee: bugsquad => luigiwalser

Comment 5 Lewis Smith 2022-12-06 21:21:43 CET 
Kind!
David Walser 2023-04-18 13:44:15 CEST

Depends on: (none) => 31810

Comment 6 David Walser 2023-05-06 22:21:00 CEST 
Fixed in:
https://advisories.mageia.org/MGASA-2023-0157.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED