Bug 31493

Summary: sofia-sip new security issue CVE-2023-22741
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: andrewsfarm, davidwhodgins, geiger.david68210, sysadmin-bugs
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: sofia-sip-1.12.11-10.1.mga8.src.rpm CVE:
Status comment:

Description David Walser 2023-02-01 17:34:27 CET 
Debian-LTS has issued an advisory on January 29:
https://www.debian.org/lts/security/2023/dla-3292

The issue is fixed upstream in 1.13.11:
https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54
Comment 1 David GEIGER 2023-02-04 09:40:00 CET 
Done for mga8, adding upstream patch!

CC: (none) => geiger.david68210

Comment 2 David Walser 2023-02-04 15:56:12 CET 
libsofia-sip-devel-1.12.11-10.2.mga8
libsofia-sip0-1.12.11-10.2.mga8
sofia-sip-1.12.11-10.2.mga8
libsofia-sip-static-devel-1.12.11-10.2.mga8

sofia-sip-1.12.11-10.2.mga8.src.rpm

Assignee: kde => qa-bugs

Comment 3 Thomas Andrews 2023-02-05 00:41:20 CET 
No installation issues. Tested as in bug 30806 Comment 5 with no issues noted, though the test is far from thorough.

Giving this an OK, and validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: (none) => MGA8-64-OK

Dave Hodgins 2023-02-06 21:04:43 CET

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 4 Mageia Robot 2023-02-07 01:09:01 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0040.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED