Bug 31899

Summary: libtiff new security issues CVE-2023-3077[45]
Product: Mageia Reporter: David Walser <luigiwalser>
Component: Security Assignee: Nicolas Salguero <nicolas.salguero>
Status: RESOLVED DUPLICATE QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: nicolas.salguero
Version: 8   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: libtiff-4.2.0-1.15.mga8.src.rpm CVE:
Status comment:

Description David Walser 2023-05-09 16:00:58 CEST
Red Hat has issued an advisory today (May 9):
https://access.redhat.com/errata/RHSA-2023:2340

Mageia 8 is also affected.
David Walser 2023-05-09 16:01:04 CEST

Whiteboard: (none) => MGA8TOO

Comment 1 Nicolas Salguero 2023-05-10 09:47:27 CEST
Hi,

Those CVEs were fixed in version 4.5.0rc1 so Cauldron is not affected.

Best regards,

Nico.

Version: Cauldron => 8
CC: (none) => nicolas.salguero
Whiteboard: MGA8TOO => (none)
Source RPM: libtiff-4.5.0-5.mga9.src.rpm => libtiff-4.2.0-1.15.mga8.src.rpm

Comment 2 Nicolas Salguero 2023-05-12 10:26:44 CEST
Hi,

After checking, I found that:
  - CVE-2023-30774 was already fixed by the patch for CVE-2022-3599 (bug 31091).
  - CVE-2023-30775 was already fixed by the patch for CVE-2022-3570 and CVE-2022-3598 (bug 30999).

Best regards,

Nico.

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 3 David Walser 2023-05-14 01:45:32 CEST
Thanks, marking as a duplicate of the later bug.

*** This bug has been marked as a duplicate of bug 31091 ***

Resolution: FIXED => DUPLICATE