Bug 31545

Summary:	qbase5, qtbase6 new security issue CVE-2023-24607
Product:	Mageia	Reporter:	David Walser <luigiwalser>
Component:	Security	Assignee:	KDE maintainers <kde>
Status:	RESOLVED FIXED	QA Contact:	Sec team <security>
Severity:	normal
Priority:	Normal	CC:	geiger.david68210
Version:	8
Target Milestone:	---
Hardware:	All
OS:	Linux
Whiteboard:
Source RPM:	qtbase5-5.15.7-3.mga9.src.rpm, qtbase6-6.4.1-4.mga9.src.rpm	CVE:
Status comment:	Patches available from Fedora
Bug Depends on:	29359
Bug Blocks:	29977

Description David Walser 2023-02-13 18:21:54 CET

Fedora has issued advisories today (February 13):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ROR2PXGZF6MR6GU4CVH5ANLG42EZEIQK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GGO54VNEU4WIOXZDCAWUWODWDXSOCH5X/

Mageia 8 is also affected.

David Walser 2023-02-13 18:22:16 CET

Blocks: (none) => 29977
Whiteboard: (none) => MGA8TOO
Status comment: (none) => Patches available from Fedora

Comment 1 David GEIGER 2023-02-13 19:22:50 CET

Done for Cauldron!

CC: (none) => geiger.david68210

Comment 2 David Walser 2023-02-13 21:28:44 CET

qtbase5-5.15.7-4.mga9 and qtbase6-6.4.1-5.mga9.

Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8

Comment 3 David Walser 2023-02-17 15:28:20 CET

Can we please address these security issues while we're pushing a qtbase5 update already?

Depends on: (none) => 29359

Comment 4 David GEIGER 2023-02-17 18:30:35 CET

I just added the fix for CVE-2022-25255!

Comment 5 David Walser 2023-02-20 22:36:40 CET

Fixed for Mageia 8 in:
https://advisories.mageia.org/MGASA-2023-0051.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED