Bug 33207

Summary: podofo new security issues CVE-2023-3156[6-8]
Product: Mageia
Reporter: Nicolas Salguero <nicolas.salguero>
Component: Security
Assignee: All Packagers <pkg-bugs>
Status: NEW ---
QA Contact: Sec team <security>
Severity: normal
Priority: Normal
CC: smelror
Version: 9
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM: podofo-0.9.8-2.mga9.src.rpm
CVE: CVE-2023-31566, CVE-2023-31567, CVE-2023-31568
Status comment: Fixed upstream in 0.10.1

Description Nicolas Salguero 2024-05-13 16:00:43 CEST
Gentoo has issued an advisory on May 12:
https://lwn.net/Articles/973479/

The problem is fixed in version 0.10.1.
Nicolas Salguero 2024-05-13 16:01:35 CEST

Status comment: (none) => Fixed upstream in 0.10.1
CVE: (none) => CVE-2023-31566, CVE-2023-31567
Source RPM: (none) => podofo-0.9.8-2.mga9.src.rpm

Comment 1 Lewis Smith 2024-05-16 20:51:57 CEST
Cauldron has 0.10.1 0.10.2 0.10.3 (thanks to Stig), so this is for M9 - as it says!

Unsure where to push it: globally; CC'ing Stig who did the Cauldron updates but not earlier M9 ones.

CC: (none) => smelror
Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Salguero 2024-07-04 09:25:58 CEST
SUSE has issued an advisory on July 2:
https://lwn.net/Articles/980540/

They fix CVE-2023-3156[6-8] as well as other security issues:
https://github.com/podofo/podofo/issues/66
https://github.com/podofo/podofo/issues/67
https://github.com/podofo/podofo/issues/69
https://github.com/podofo/podofo/issues/70 (CVE-2023-31566)
https://github.com/podofo/podofo/issues/71 (CVE-2023-31567)
https://github.com/podofo/podofo/issues/72 (CVE-2023-31568)

CVE: CVE-2023-31566, CVE-2023-31567 => CVE-2023-31566, CVE-2023-31567, CVE-2023-31568
Summary: podofo new security issues CVE-2023-3156[67] => podofo new security issues CVE-2023-3156[6-8]