Bug 31487

Summary: pesign new security issue CVE-2022-3560
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: Olav Vitters <olav>
Status: RESOLVED OLD
QA Contact: Sec team <security>
Severity: critical
Priority: Normal
CC: marja11, nicolas.salguero, yvesbrungard
Version: 8
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM: pesign-112-9.mga8.src.rpm
CVE:
Status comment: Fixed upstream in 116

Description David Walser 2023-02-01 16:21:51 CET
A security issue in pesign has been announced on January 31:
https://www.openwall.com/lists/oss-security/2023/01/31/6

A patch to fix the issue is attached to the message above.

Mageia 8 is also affected.

David Walser 2023-02-01 16:22:10 CET

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Patch available

Comment 1 Marja Van Waes 2023-02-04 22:33:38 CET
Assigning to our registered pesign maintainer.

CC: (none) => marja11
Assignee: bugsquad => olav

Comment 2 David Walser 2023-02-09 18:07:08 CET
Fedora has issued an advisory for this today (February 9):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XGKNCR23AN2GDBGUC6KWRD3EKZIOJHYY/

The issue is fixed upstream in 116.

Severity: normal => critical
Status comment: Patch available => Fixed upstream in 116

Comment 3 David Walser 2023-03-07 17:14:10 CET
Red Hat has issued an advisory for this on March 6:
https://access.redhat.com/errata/RHSA-2023:1067

Comment 4 papoteur 2023-06-27 18:50:44 CEST
Release 116 is built in cauldron.

CC: (none) => yves.brungard_mageia

Comment 5 papoteur 2023-07-02 15:27:13 CEST
Now updated in cauldron

Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)
Source RPM: pesign-115-2.mga9.src.rpm => pesign-112-9.mga8.src.rpm

Comment 6 Nicolas Salguero 2024-01-12 10:35:59 CET
Mageia 8 EOL

CC: (none) => nicolas.salguero
Status: NEW => RESOLVED
Resolution: (none) => OLD