A security issue fixed upstream in usbview has been announced today (January 21): https://www.openwall.com/lists/oss-security/2022/01/21/1 The issue is fixed upstream in 2.2.
Status comment: (none) => Fixed upstream in 2.2
Debian has issued an advisory for this today (January 21): https://www.debian.org/security/2022/dsa-5052
fixed in upstream 3.0 SRPM: usbview-3.0-1.mga8.src.rpm i586: usbview-3.0-1.mga8.i586.rpm x86_64: usbview-3.0-1.mga8.x86_64.rpm
Assignee: tmb => qa-bugs
Mageia 8 actually isn't affected as its version doesn't include the polkit rule.
Assignee: qa-bugs => tmbStatus: NEW => RESOLVEDStatus comment: Fixed upstream in 2.2 => (none)Resolution: (none) => FIXED
For completeness: I see 3.0-1 is in Cauldron now. For mga8, should the update get purged from testing, or set to QA and get tested?
CC: (none) => fri
(In reply to Morgan Leijström from comment #4) > For completeness: I see 3.0-1 is in Cauldron now. > > For mga8, should the update get purged from testing, or set to QA and get > tested? It depends on if there's another reason tmb wants to push the update for Mageia 8; if so, it should have its own bug since this CVE isn't relevant there.