Bug 31985

Summary: c-ares new security issues CVE-2023-32067, CVE-2023-31147, CVE-2023-31130, CVE-2023-31124
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: All Packagers <pkg-bugs>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: mhrambo3501, nicolas.salguero
Version: 8   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: c-ares-1.19.0-1.mga9.src.rpm CVE:
Status comment: Fixed upstream in 1.19.1

David Walser 2023-06-01 17:36:27 CEST

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 1.19.1

Comment 1 Lewis Smith 2023-06-01 21:19:36 CEST 
This SRPM is done by various people, so assigning this update globally.
CC'ing MikeR who put up version 1.19.0.

Assignee: bugsquad => pkg-bugs
CC: (none) => mhrambo3501

Comment 2 Nicolas Salguero 2023-06-08 10:32:54 CEST 
Hi,

Freeze move requested for c-ares-1.19.1-1.mga9.

Best regards,

Nico.

Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)
CC: (none) => nicolas.salguero

Comment 3 David Walser 2023-06-14 21:56:26 CEST 
RedHat has issued an advisory for CVE-2023-32067 today (June 14):
https://access.redhat.com/errata/RHSA-2023:3584
Comment 4 David Walser 2023-06-15 23:37:27 CEST 
Debian has issued an advisory for CVE-2023-31130 and CVE-2023-32067 on June 7:
https://www.debian.org/security/2023/dsa-5419
Comment 5 David Walser 2023-06-20 15:06:08 CEST 
Ubuntu has issued an advisory for CVE-2023-31130, CVE-2023-32067 on June 14:
https://ubuntu.com/security/notices/USN-6164-1
Comment 6 Nicolas Salguero 2024-01-12 10:53:18 CET 
Mageia 8 EOL

Status: NEW => RESOLVED
Resolution: (none) => OLD