Bug 31674

Summary: hotspot new security issue CVE-2023-28144
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: Rémi Verschelde <rverschelde>
Status: RESOLVED OLD
QA Contact: Sec team <security>
Severity: normal
Priority: Normal
CC: geiger.david68210, nicolas.salguero
Version: 8
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM: hotspot-1.3.0-3.mga9.src.rpm
CVE:
Status comment:

Description David Walser 2023-03-14 16:30:46 CET
A security issue in hotspot has been announced today (March 14):
https://www.openwall.com/lists/oss-security/2023/03/14/8

It sounds like the vulnerability isn't fully exposed until version 1.4.1, but the initial basis for it is present in 1.3.0.

We should at least patch it for Cauldron and commit the patch to Mageia 8 SVN.

Comment 1 Lewis Smith 2023-03-14 20:59:24 CET
Hotspot is down to Rémi, so assigning this to you.

Assignee: bugsquad => rverschelde

Comment 2 David GEIGER 2023-07-02 10:37:15 CEST
hotspot 1.4.1 is on cauldron!

CC: (none) => geiger.david68210
Version: Cauldron => 8

Comment 3 David Walser 2023-07-02 14:41:37 CEST
Version 1.4.1 exposes the issue; it doesn't fix it.

Version: 8 => Cauldron

Comment 4 David GEIGER 2023-07-02 20:08:54 CEST
I already added the patch to fix this security issue:
https://github.com/KDAB/hotspot/commit/65a246ce9196462081483fd07d97678dcfe36b9c

https://svnweb.mageia.org/packages?view=revision&revision=1950151

Version: Cauldron => 8

Comment 5 Nicolas Salguero 2024-01-12 10:39:11 CET
Mageia 8 EOL

Status: NEW => RESOLVED
CC: (none) => nicolas.salguero
Resolution: (none) => OLD