Bug 33305

Summary:	virtuoso-opensource new security issues CVE-2023-3160[7-9], CVE-2023-3161[0-9], CVE-2023-31620, CVE-2023-3162[2-9], CVE-2023-3163[01], CVE-2023-4894[5-7], CVE-2023-4895[01]
Product:	Mageia	Reporter:	Nicolas Salguero <nicolas.salguero>
Component:	Security	Assignee:	All Packagers <pkg-bugs>
Status:	NEW ---	QA Contact:	Sec team <security>
Severity:	normal
Priority:	Normal
Version:	Cauldron
Target Milestone:	---
Hardware:	All
OS:	Linux
Whiteboard:	MGA9TOO
Source RPM:	virtuoso-opensource-6.1.8-10.mga9.src.rpm	CVE:	CVE-2023-31607,CVE-2023-31608,CVE-2023-31609,CVE-2023-31610,CVE-2023-31611,CVE-2023-31612,CVE-2023-31613,CVE-2023-31614,CVE-2023-31615,CVE-2023-31616,CVE-2023-31617,CVE-2023-31618,CVE-2023-31619,CVE-2023-31623,CVE-2023-31625,CVE-2023-31628
Status comment:	Patches available from Ubuntu

Description Nicolas Salguero 2024-06-13 16:45:13 CEST

Ubuntu has issued an advisory on June 13:
https://ubuntu.com/security/notices/USN-6832-1

Mageia 9 is also affected.

Nicolas Salguero 2024-06-13 16:47:12 CEST

Status comment: (none) => Patches available from Ubuntu
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => virtuoso-opensource-6.1.8-10.mga9.src.rpm
CVE: (none) => CVE-2023-31607,CVE-2023-31608,CVE-2023-31609,CVE-2023-31610,CVE-2023-31611,CVE-2023-31612,CVE-2023-31613,CVE-2023-31614,CVE-2023-31615,CVE-2023-31616,CVE-2023-31617,CVE-2023-31618,CVE-2023-31619,CVE-2023-31623,CVE-2023-31625,CVE-2023-31628

Comment 1 Lewis Smith 2024-06-13 21:55:01 CEST

"Patches available from Ubuntu": Most CVEs have what I think are the following patches:
https://github.com/openlink/virtuoso-opensource/commit/ea8b2c975c6c96f36e34014d6c71a73761198ebe
https://github.com/openlink/virtuoso-opensource/commit/9c5bdeb73b00b5ae88db0be036d429d779126094
https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07
https://github.com/openlink/virtuoso-opensource/commit/db0b768dfbb66e306504d0f7951c4ae4932edd74
https://github.com/openlink/virtuoso-opensource/commit/2b64ad928ef5f75fc93091677a78abfbd17ea07f
https://github.com/openlink/virtuoso-opensource/commit/030e47a29976709a50603e3f34e82278e5f462df
https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07

Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Salguero 2024-07-05 14:48:41 CEST

Ubuntu has issued an advisory on July 4:
https://ubuntu.com/security/notices/USN-6879-1

They fix CVE-2023-3162[024679], CVE-2023-3163[01], CVE-2023-4894[5-7], CVE-2023-4895[01].

Summary: virtuoso-opensource new security issues CVE-2023-3160[7-9], CVE-2023-3161[0-9], CVE-2023-3162[358] => virtuoso-opensource new security issues CVE-2023-3160[7-9], CVE-2023-3161[0-9], CVE-2023-31620, CVE-2023-3162[2-9], CVE-2023-3163[01], CVE-2023-4894[5-7], CVE-2023-4895[01]