Bug 31665

Summary: woodstox-core new security issue CVE-2022-40152
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: andrewsfarm, davidwhodgins, geiger.david68210, herman.viaene, sysadmin-bugs
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: woodstox-core-6.2.3-1.mga8.src.rpm CVE:
Status comment:

Description David Walser 2023-03-13 22:27:04 CET 
SUSE has issued an advisory on March 8:
https://lists.suse.com/pipermail/sle-security-updates/2023-March/013995.html
Comment 1 David GEIGER 2023-03-15 05:22:39 CET 
Done for mga8!

CC: (none) => geiger.david68210

Comment 2 David Walser 2023-03-15 14:37:19 CET 
woodstox-core-6.2.3-1.1.mga8
woodstox-core-javadoc-6.2.3-1.1.mga8

from woodstox-core-6.2.3-1.1.mga8.src.rpm

Assignee: java => qa-bugs

Comment 3 Herman Viaene 2023-03-16 10:25:23 CET 
MGA8-64 MATE on Ace Aspire 5253
No installation issues.
No info from previous updates. Reading the description in MCC, this is java-developer's territory. 
And
# urpmq --whatrequires woodstox-core
woodstox-core

So ging the OK on cleann install.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK

Comment 4 Thomas Andrews 2023-03-16 15:25:32 CET 
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2023-03-17 23:51:10 CET

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 5 Mageia Robot 2023-03-18 23:18:40 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0104.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED