Bug 33057

Summary: dnf5daemon-server new security issues CVE-2024-1930 and CVE-2024-2746 (incomplete fix for CVE-2024-1929)
Product: Mageia Reporter: Nicolas Salguero <nicolas.salguero>
Component: Security Assignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: jani.valimaa
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: dnf5-5.1.13-1.mga10.src.rpm CVE: CVE-2024-1930, CVE-2024-2746
Status comment: fixed in version 5.1.17

Description Nicolas Salguero 2024-04-04 10:03:34 CEST
Those CVEs were announced here:
https://www.openwall.com/lists/oss-security/2024/03/04/2
https://www.openwall.com/lists/oss-security/2024/04/03/5

They are fixed in version 5.1.17.
Nicolas Salguero 2024-04-04 10:03:50 CEST

CVE: (none) => CVE-2024-1930, CVE-2024-2746
Source RPM: (none) => dnf5-5.1.13-1.mga10.src.rpm

Comment 1 Lewis Smith 2024-04-04 21:27:54 CEST
Nicolas has already put version 5.1.17 in Cauldron.
Jani is working on the 32-bit build.
If this does not apply to Mageia 9, the bug can be closed/fixed once correctly built.
If it does apply to M9, please add that to Whiteboard; and assign to pkg-bugs for M9.

Status comment: (none) => fixed in version 5.1.17
CC: (none) => jani.valimaa

Comment 2 Nicolas Salguero 2024-04-05 08:15:21 CEST
Fixed with dnf5-5.1.17-3.mga10.

Resolution: (none) => FIXED
Status: NEW => RESOLVED