SUSE has issued an advisory today (September 6): https://lists.suse.com/pipermail/sle-security-updates/2022-September/012105.html Mageia 8 is also affected.
Equivalent openSUSE advisory: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6PYJHVWMVWO63ECJ37DXSJEJXCZBKW5W/
Whiteboard: (none) => MGA8TOO
No registered maintainer, so assigning to all packagers collectively.
Assignee: bugsquad => pkg-bugsCC: (none) => marja11
Hi, In fact, version 2022.5 already contains the correction for that CVE so only Mga8 is affected. Best regards,
Whiteboard: MGA8TOO => (none)Source RPM: ostree-2022.5-1.mga9.src.rpm => ostree-2020.8-2.mga8.src.rpmVersion: Cauldron => 8CC: (none) => nicolas.salgueroCVE: (none) => CVE-2014-9862
Suggested advisory: ======================== The updated packages fix a security vulnerability: A memory corruption issue that could be triggered when diffing binary files. (CVE-2014-9862) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9862 https://lists.suse.com/pipermail/sle-security-updates/2022-September/012105.html https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6PYJHVWMVWO63ECJ37DXSJEJXCZBKW5W/ ======================== Updated packages in core/updates_testing: ======================== lib(64)ostree1-2020.8-2.1.mga8 lib(64)ostree-gir1.0-2020.8-2.1.mga8 lib(64)ostree-devel-2020.8-2.1.mga8 ostree-2020.8-2.1.mga8 ostree-grub2-2020.8-2.1.mga8 ostree-tests-2020.8-2.1.mga8 from SRPM: ostree-2020.8-2.1.mga8.src.rpm
Status: NEW => ASSIGNEDAssignee: pkg-bugs => qa-bugs
MGA8-64 Plasma on Acer Aspire 5253 No installation issues No previous updates, googled and found https://ostree.readthedocs.io/en/stable/manual/introduction/ $ mkdir osrep $ cd osrep/ $ ostree --repo=repo init $ mkdir tree $ echo "Hello world!" > tree/hello.txt $ ostree --repo=repo commit --branch=foo tree/ ed3c4ecfdef03dcf6165248a636298f0d5cd1d6790a0d9fc2fe1aba75775ad0f $ ostree --repo=repo refs foo $ ostree --repo=repo ls foo d00755 1000 1000 0 / -00644 1000 1000 13 /hello.txt $ ostree --repo=repo checkout foo tree-checkout/ $ cat tree-checkout/hello.txt Hello world! Looks OK.
Whiteboard: (none) => MGA8-64-OKCC: (none) => herman.viaene
Validating. Advisory in Comment 4.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0334.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED