Bug 30145 - expat 2.4.7 fixes regressions from 2.4.5 security fixes
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2022-03-10 17:02 CET by David Walser
Modified: 2022-03-14 17:52 CET

See Also:
Source RPM: expat-2.2.10-1.3.mga8.src.rpm
CVE:
Status comment:


Description David Walser 2022-03-10 17:02:03 CET
Expat versions 2.4.6 and 2.4.7 have been released, fixing regressions:
https://blog.hartwork.org/posts/expat-2-4-6-released/
https://blog.hartwork.org/posts/expat-2-4-7-released/
https://github.com/libexpat/libexpat/blob/master/expat/Changes

Ubuntu has issued an advisory for this today (March 10):
https://ubuntu.com/security/notices/USN-5320-1

Mageia 8's backports of the security fixes are probably also affected by the regressions.
David Walser 2022-03-10 17:02:30 CET

Whiteboard: (none) => MGA8TOO
CC: (none) => nicolas.salguero, tmb
Status comment: (none) => Fixed upstream in 2.4.7

Comment 1 Nicolas Salguero 2022-03-11 10:35:39 CET
Suggested advisory:
========================

The updated packages fix regressions introduced by security fixes for CVE-2022-25313 and CVE-2022-25236.

References:
https://blog.hartwork.org/posts/expat-2-4-6-released/
https://blog.hartwork.org/posts/expat-2-4-7-released/
https://github.com/libexpat/libexpat/blob/master/expat/Changes
https://ubuntu.com/security/notices/USN-5320-1
========================

Updated packages in core/updates_testing:
========================
expat-2.2.10-1.4.mga8
lib(64)expat1-2.2.10-1.4.mga8
lib(64)expat-devel-2.2.10-1.4.mga8

from SRPM:
expat-2.2.10-1.4.mga8.src.rpm

Status comment: Fixed upstream in 2.4.7 => (none)
Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8
Status: NEW => ASSIGNED
Assignee: bugsquad => qa-bugs
Source RPM: expat-2.4.5-1.mga9.src.rpm => expat-2.2.10-1.3.mga8.src.rpm

Comment 2 Thomas Andrews 2022-03-11 18:09:19 CET
No installation issues. I have no idea of how to test to see if the regressions have been fixed, so testing with the standard procedure from https://wiki.mageia.org/en/QA_procedure:Expat

$ python testexpat.py
Tested OK

If that test is sufficient, then this update is OK for 64-bits.

CC: (none) => andrewsfarm

Comment 3 Thomas Andrews 2022-03-13 21:13:22 CET
Validating. Advisory in Comment 1.

Whiteboard: (none) => MGA8-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Dave Hodgins 2022-03-13 23:30:35 CET

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 4 Mageia Robot 2022-03-14 17:52:50 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGAA-2022-0036.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

