openSUSE has issued an advisory on October 13: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HNIPYSSVD2PSQBQN44WSUXHISIIAWJFS/ Mageia 8 is also affected.
CC: (none) => mageiaStatus comment: (none) => Patch available from openSUSEWhiteboard: (none) => MGA8TOO
In the absence of an individual packager for this SRPM, assigning globally.
Assignee: bugsquad => pkg-bugs
Suggested advisory: ======================== The updated packages fix a security vulnerability: GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header. (CVE-2022-41550) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41550 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HNIPYSSVD2PSQBQN44WSUXHISIIAWJFS/ ======================== Updated packages in core/updates_testing: ======================== lib(64)osip2_12-5.0.0-4.1.mga8 lib(64)osip2-devel-5.0.0-4.1.mga8 from SRPM: libosip2-5.0.0-4.1.mga8.src.rpm
Whiteboard: MGA8TOO => (none)Status: NEW => ASSIGNEDAssignee: pkg-bugs => qa-bugsCC: (none) => nicolas.salgueroStatus comment: Patch available from openSUSE => (none)Version: Cauldron => 8CVE: (none) => CVE-2022-41550
Source RPM: libosip2-5.0.0-5.mga9.src.rpm => libosip2-5.0.0-4.mga8.src.rpm
MGA8-64 MATE on Acer Aspire 5253 No installation issues. Ref bug 20758 and on the observation that nothing seems impacted negatively, OK on clean install.
Whiteboard: (none) => MGA8-64-OKCC: (none) => herman.viaene
Validating. Advisory in Comment 2.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0389.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED