Bug 31890

Summary: libheif new security issue CVE-2023-29659
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Stig-Ørjan Smelror <smelror>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: nicolas.salguero
Version: 8   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: libheif-1.10.0-1.2.mga8.src.rpm CVE:
Status comment: Fixed upstream in 1.15.2

Description David Walser 2023-05-07 01:59:16 CEST 
Fedora has issued an advisory today (May 6):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CKAE6NQBA3Q7GS6VTNDZRZZZVPPEFUEZ/

The issue is fixed upstream in 1.15.2.
David Walser 2023-05-07 01:59:28 CEST

Status comment: (none) => Fixed upstream in 1.15.2

Comment 1 Lewis Smith 2023-05-07 21:26:33 CEST 
This is one for Stig. You already have put into Cauldron 1.15.2.

Assignee: bugsquad => smelror

Comment 2 David Walser 2023-05-19 20:21:56 CEST 
SUSE has issued an advisory for this on May 16:
https://lists.suse.com/pipermail/sle-security-updates/2023-May/014909.html
Comment 3 Nicolas Salguero 2024-01-12 10:49:23 CET 
Mageia 8 EOL

CC: (none) => nicolas.salguero
Status: NEW => RESOLVED
Resolution: (none) => OLD