Bug 31303

Summary: pgadmin4 new security issues CVE-2021-35065, CVE-2022-4223, CVE-2022-46175, CVE-2023-0241, CVE-2023-22298
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: All Packagers <pkg-bugs>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: nicolas.salguero, yvesbrungard
Version: 8   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: pgadmin4-4.22-3.mga8.src.rpm CVE:
Status comment: Fixed upstream in 6.19 plus patch from Fedora

Description David Walser 2022-12-19 19:18:42 CET 
Fedora has issued an advisory on December 18:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/R5EYTPKHVFSDCETBJI7LBZE4EYHBPN2Q/

The issue is fixed upstream in 6.17.

Mageia 8 is also affected.
David Walser 2022-12-19 19:18:58 CET

Status comment: (none) => Fixed upstream in 6.17
Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2022-12-19 21:25:42 CET 
No one packager in sight for this, so assignong the update globally.

Assignee: bugsquad => pkg-bugs

Comment 2 David Walser 2023-01-17 23:52:01 CET 
Fedora has issued an advisory on January 12:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MWRPBXRQXUJY4S564TKU44KGGKG3COW5/

Mageia 8 is also affected.

Status comment: Fixed upstream in 6.17 => Fixed upstream in 6.17 plus patch from Fedora

Comment 3 David Walser 2023-02-01 18:31:21 CET 
Fedora has issued an advisory on January 30:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3S26TLPLVFAJTUN3VIXFDEBEXDYO22CE/

The issue is fixed upstream in 6.19.

Mageia 8 is also affected.

Summary: pgadmin4 new security issue CVE-2022-4223 => pgadmin4 new security issues CVE-2021-35065, CVE-2022-4223, and CVE-2022-46175
Status comment: Fixed upstream in 6.17 plus patch from Fedora => Fixed upstream in 6.19 plus patch from Fedora

Comment 4 David Walser 2023-02-03 01:54:53 CET 
Fedora has issued an advisory today (February 2):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VHY2B25YHIIFQ3G44TR7NNEST7FJGJPH/

Two other issues were also fixed upstream in 6.19.

Summary: pgadmin4 new security issues CVE-2021-35065, CVE-2022-4223, and CVE-2022-46175 => pgadmin4 new security issues CVE-2021-35065, CVE-2022-4223, CVE-2022-46175, CVE-2023-0241, CVE-2023-22298

Comment 5 David Walser 2023-04-05 02:39:09 CEST 
(In reply to David Walser from comment #4)
> Fedora has issued an advisory today (February 2):
> https://lists.fedoraproject.org/archives/list/package-announce@lists.
> fedoraproject.org/thread/VHY2B25YHIIFQ3G44TR7NNEST7FJGJPH/
> 
> Two other issues were also fixed upstream in 6.19.

SUSE has issued an advisory for one of those issues on April 3:
https://lists.suse.com/pipermail/sle-security-updates/2023-April/014347.html
Comment 6 David Walser 2023-04-18 13:36:03 CEST 
(In reply to David Walser from comment #5)
> (In reply to David Walser from comment #4)
> > Fedora has issued an advisory today (February 2):
> > https://lists.fedoraproject.org/archives/list/package-announce@lists.
> > fedoraproject.org/thread/VHY2B25YHIIFQ3G44TR7NNEST7FJGJPH/
> > 
> > Two other issues were also fixed upstream in 6.19.
> 
> SUSE has issued an advisory for one of those issues on April 3:
> https://lists.suse.com/pipermail/sle-security-updates/2023-April/014347.html

and for the other one today, April 18:
https://lists.suse.com/pipermail/sle-security-updates/2023-April/014480.html
Comment 7 papoteur 2023-06-20 08:51:39 CEST 
I have removed the package from cauldron.

Whiteboard: MGA8TOO => (none)
Source RPM: pgadmin4-4.30-2.mga9.src.rpm => pgadmin4-4.22-3.mga8.src.rpm
CC: (none) => yves.brungard_mageia
Version: Cauldron => 8

Comment 8 Nicolas Salguero 2024-01-12 10:33:25 CET 
Mageia 8 EOL

CC: (none) => nicolas.salguero
Status: NEW => RESOLVED
Resolution: (none) => OLD