Fedora has issued an advisory on July 17: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FQBJ24W6TXLSAQWCFW7IBGUMX4AJI3S4/ The issue is fixed upstream in 4.4.0. Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOOStatus comment: (none) => Fixed upstream in 4.4.0
Assigning to tv since you did all the most recent version updates for this, so it is a chemin connu.
Assignee: bugsquad => thierry.vignaud
Ubuntu has issued an advisory for this on July 19: https://ubuntu.com/security/notices/USN-5524-1
openSUSE has issued an advisory for this today (August 4): https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VCJNJQSKWM62QM7KUZI7LSAXOK4ALXQN/
Fedora has issued an advisory today (March 14): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YZ5M2GSAIHFPLHYJXUPQ2QDJCLWXUGO3/ The issue is fixed upstream in 7.0.0. Mageia 8 is also affected.
Summary: harfbuzz new security issue CVE-2022-33068 => harfbuzz new security issues CVE-2022-33068 and CVE-2023-25193Status comment: Fixed upstream in 4.4.0 => Fixed upstream in 7.0.0
For Cauldron we currently have harfbuzz-7.0.1-1.mga9
CC: (none) => geiger.david68210
Indeed.
Version: Cauldron => 8Whiteboard: MGA8TOO => (none)Source RPM: harfbuzz-4.3.0-2.mga9.src.rpm => harfbuzz-2.7.4-1.mga8.src.rpm
(In reply to David Walser from comment #4) > Fedora has issued an advisory today (March 14): > https://lists.fedoraproject.org/archives/list/package-announce@lists. > fedoraproject.org/thread/YZ5M2GSAIHFPLHYJXUPQ2QDJCLWXUGO3/ > > The issue is fixed upstream in 7.0.0. > > Mageia 8 is also affected. SUSE has issued an advisory for this on April 14: https://lists.suse.com/pipermail/sle-security-updates/2023-April/014462.html
Mageia 8 EOL
CC: (none) => nicolas.salgueroResolution: (none) => OLDStatus: NEW => RESOLVED