Bug 30988 - firefox missing fix for CVE-2022-40674 in bundled expat
Summary: firefox missing fix for CVE-2022-40674 in bundled expat
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Reported: 2022-10-19 17:32 CEST by David Walser
Modified: 2022-10-28 08:55 CEST (History)
5 users (show)

See Also:
Source RPM: firefox
Status comment:


Description David Walser 2022-10-19 17:32:05 CEST
RedHat has issued an advisory on October 18:

Patch included in firefox-102.4.0-1.1.mga8.

It also includes a webrtc fix patch, which may fix the issue with BigBlueButton (whatever that is) that was mentioned when we started testing the 102.x series.

Patched package is building and should be available later today.
Comment 1 Nicolas Salguero 2022-10-20 09:15:06 CEST

After some tests, I can now say that the webrtc fix patch really solves the issue with BigBlueButton.

Many thanks,


CC: (none) => nicolas.salguero

Comment 2 Morgan Leijström 2022-10-23 22:44:08 CEST
mga8-64, Plasma: short test OK, continue using.
Clean update
Swedish locale
settings and open tabs kept
Surfing, video, bank logins...

CC: (none) => fri

Comment 3 Thomas Andrews 2022-10-24 17:47:11 CEST
MGA8-64 Plasma, US English, no issues here.

CC: (none) => andrewsfarm

Comment 4 Dave Hodgins 2022-10-26 19:25:55 CEST
No regressions noticed. Validating the update

Whiteboard: (none) => MGA8-64-OK
CC: (none) => davidwhodgins, sysadmin-bugs
Keywords: (none) => validated_update

Dave Hodgins 2022-10-28 04:04:27 CEST

Keywords: (none) => advisory

Comment 5 Mageia Robot 2022-10-28 08:55:54 CEST
An update for this issue has been pushed to the Mageia Updates repository.


Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.