29892 – zstd possible new security issue rhbz#2039353

Bug 29892 - zstd possible new security issue rhbz#2039353

Summary: zstd possible new security issue rhbz#2039353

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Thierry Vignaud
QA Contact:	Sec team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2022-01-15 01:02 CET by David Walser
Modified:	2023-06-27 20:16 CEST (History)
CC List:	0 users

See Also:
Source RPM:	zstd-1.5.1-1.mga9.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2022-01-15 01:02:01 CET

Fedora has issued an advisory today (January 14):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/53BF22JXPBPK47P2MXJOCQY7ZQ42JNJ4/

Referring to the following bug and commit:
https://bugzilla.redhat.com/show_bug.cgi?id=2039353
https://src.fedoraproject.org/rpms/zstd/c/43bd23e45a39f0e025042aa03dda73ff1a48ce52?branch=rawhide

Comment 1 Lewis Smith 2022-01-15 20:54:49 CET

Officially for akien, but tv is the principle maintainer.

Assignee: bugsquad => thierry.vignaud

Kathy Barrera 2023-06-01 09:35:18 CEST

CC: (none) => herringburdensome

David Walser 2023-06-03 18:57:38 CEST

CC: herringburdensome => (none)

Comment 3 Thomas Backlund 2023-06-27 20:16:35 CEST

The CET hardening is included in zstd 1.5.5 we have in Cauldron

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.