Bug 33365

Summary: p7zip new security issues CVE-2023-5216[89]
Product: Mageia Reporter: Nicolas Salguero <nicolas.salguero>
Component: SecurityAssignee: David GEIGER <geiger.david68210>
Status: NEW --- QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA9TOO
Source RPM: p7zip-17.05-1.mga9.src.rpm CVE: CVE-2023-52168, CVE-2023-52169
Status comment: Fixed in 7zip 24.01 beta

Description Nicolas Salguero 2024-07-04 15:24:37 CEST 
Those CVEs were announced here:
https://www.openwall.com/lists/oss-security/2024/07/03/10

Mageia 9 is also affected.
Nicolas Salguero 2024-07-04 15:25:35 CEST

Source RPM: (none) => p7zip-17.05-1.mga9.src.rpm
Whiteboard: (none) => MGA9TOO
CVE: (none) => CVE-2023-52168, CVE-2023-52169
Status comment: (none) => Fixed in 7zip 24.01 beta

Comment 1 Lewis Smith 2024-07-05 21:24:43 CEST 
Not quite as obvious as it looks.
 https://github.com/p7zip-project/p7zip
says v17.05 Latest Feb 20, 2023; but cites also 7zip whose homepage
 https://www.7-zip.org/
is entirely Windows, versions up to 24.07 2024/06/19. However, its download page
 https://www.7-zip.org/download.html
includes 7-Zip 24.07 (2024-06-19):
 .tar.xz	64-bit Linux x86-64	7-Zip for Linux: console version
 .tar.xz	32-bit Linux x86

Assigning to DavidG who did earlier version updates.

Assignee: bugsquad => geiger.david68210