Bug 31256

Summary: rabbitmq-server new security issue CVE-2022-31008
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: All Packagers <pkg-bugs>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: marja11, nicolas.salguero
Version: 8   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: rabbitmq-server-3.8.18-1.mga8.src.rpm CVE: CVE-2022-31008
Status comment:

Description David Walser 2022-12-09 17:46:34 CET 
SUSE has issued an advisory on December 8:
https://lists.suse.com/pipermail/sle-security-updates/2022-December/013208.html

The issue is fixed upstream in 3.8.32:
https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-v9gv-xp36-jgj8

Mageia 8 is also affected.
David Walser 2022-12-09 17:46:48 CET

Status comment: (none) => Fixed upstream in 3.8.32
Whiteboard: (none) => MGA8TOO

Comment 2 Marja Van Waes 2022-12-11 23:46:23 CET 
"Nobody" is the maintainer of this package, so assigning to all packagers collectively

Assignee: bugsquad => pkg-bugs
CC: (none) => marja11

Comment 3 Nicolas Salguero 2024-03-12 11:37:13 CET 
Mageia 8 EOL.

CC: (none) => nicolas.salguero
Source RPM: rabbitmq-server-3.8.18-1.mga9.src.rpm => rabbitmq-server-3.8.18-1.mga8.src.rpm
Status comment: Fixed upstream in 3.8.32 => (none)
Status: NEW => RESOLVED
Whiteboard: MGA8TOO => (none)
CVE: (none) => CVE-2022-31008
Version: Cauldron => 8
Resolution: (none) => OLD