Bug 32034

Summary: glib2.0 new security issues CVE-2023-32636 and CVE-2023-32643
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: All Packagers <pkg-bugs>
Status: RESOLVED DUPLICATE QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: olav, thierry.vignaud
Version: 8   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: glib2.0-2.66.8-1.mga8.src.rpm CVE:
Status comment: Patches available from upstream and Ubuntu

Description David Walser 2023-06-20 15:11:51 CEST 
Ubuntu has issued an advisory on June 14:
https://ubuntu.com/security/notices/USN-6165-1
David Walser 2023-06-20 15:12:03 CEST

Status comment: (none) => Patches available from upstream and Ubuntu

Comment 1 Lewis Smith 2023-06-20 20:31:56 CEST 
This version of the software was commited over 2y ago by Olav, who did version updates to 2.72.3. Since then tv has done a couple. Unsure to whom to assign this, so doing so globally; CC'ing these two packagers.

Assignee: bugsquad => pkg-bugs
CC: (none) => olav, thierry.vignaud

Comment 2 Jani Välimaa 2023-07-09 19:02:32 CEST 
IINM CVE-2023-32636 and CVE-2023-32643 were fixed when a fix for CVE-2023-24593 (bug 31805) was released.

https://ubuntu.com/security/CVE-2023-24593
Comment 3 David Walser 2023-07-09 19:54:09 CEST 
Indeed.  These CVEs were regressions of the original fix for CVE-2023-24593, but the patch in Bug 31805 included the fixes for those regressions.

*** This bug has been marked as a duplicate of bug 31805 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE