Bug 30635 - libzypp new security issue bsc#1184501
Summary: libzypp new security issue bsc#1184501
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Christiaan Welvaart
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-07-14 19:18 CEST by David Walser
Modified: 2024-01-12 09:59 CET (History)
3 users (show)

See Also:
Source RPM: libzypp-17.28.4-7.mga9.src.rpm
CVE:
Status comment: 17.29.6

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2022-07-14 19:18:25 CEST 
SUSE has issued an advisory today (July 14):
https://lists.suse.com/pipermail/sle-security-updates/2022-July/011544.html

The issue is fixed upstream in 17.29.6.

Mageia 8 is also affected.
David Walser 2022-07-14 19:18:40 CEST

Whiteboard: (none) => MGA8TOO
Status comment: (none) => 17.29.6

Comment 1 Marja Van Waes 2022-07-16 11:34:32 CEST 
Assigning to our registered libzypp maintainer.

CC: (none) => marja11
Assignee: bugsquad => cjw

Comment 2 David Walser 2022-09-01 23:17:51 CEST 
openSUSE has issued an advisory for this today (September 1):
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AYJVCDZFHL3RLKSFHF4ITKBC25PHGJ5K/
Comment 3 David GEIGER 2023-07-01 16:46:39 CEST 
cauldron was updated to 17.31.1, so fixed here.

CC: (none) => geiger.david68210
Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)

Comment 4 Nicolas Salguero 2024-01-12 09:59:13 CET 
Mageia 8 EOL

CC: (none) => nicolas.salguero
Status: NEW => RESOLVED
Resolution: (none) => OLD
Note You need to log in before you can comment on or make changes to this bug.