Debian has issued an advisory on September 22: https://www.debian.org/security/2022/dsa-5236 The issue is fixed upstream in 2.4.9.
Status comment: (none) => Fixed upstream in 2.4.9
Assigning to NicolasS because you have done CVE updates on this before.
Assignee: bugsquad => nicolas.salguero
Suggested advisory: ======================== The updated packages fix a security vulnerability: libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. (CVE-2022-40674) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40674 https://www.debian.org/security/2022/dsa-5236 ======================== Updated packages in core/updates_testing: ======================== expat-2.2.10-1.5.mga8 lib(64)expat1-2.2.10-1.5.mga8 lib(64)expat-devel-2.2.10-1.5.mga8 from SRPM: expat-2.2.10-1.5.mga8.src.rpm
Status: NEW => ASSIGNEDAssignee: nicolas.salguero => qa-bugsCVE: (none) => CVE-2022-40674CC: (none) => nicolas.salgueroStatus comment: Fixed upstream in 2.4.9 => (none)
MGA8-64 MATE on Acer Aspire 5253 No installation issues Downloaded testfiles from bug 30070 (copied from wiki) and run test. $ python testexpat.py Tested OK Good to go.
Whiteboard: (none) => MGA8-64-OKCC: (none) => herman.viaene
Validating. Advisory in Comment 2.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0352.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED