Bug 30988 - firefox missing fix for CVE-2022-40674 in bundled expat
Summary: firefox missing fix for CVE-2022-40674 in bundled expat
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2022-10-19 17:32 CEST by David Walser
Modified: 2022-10-28 08:55 CEST (History)
5 users (show)

See Also:
Source RPM: firefox
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2022-10-19 17:32:05 CEST 
RedHat has issued an advisory on October 18:
https://access.redhat.com/errata/RHSA-2022:7024

Patch included in firefox-102.4.0-1.1.mga8.

It also includes a webrtc fix patch, which may fix the issue with BigBlueButton (whatever that is) that was mentioned when we started testing the 102.x series.

Patched package is building and should be available later today.
Comment 1 Nicolas Salguero 2022-10-20 09:15:06 CEST 
Hi,

After some tests, I can now say that the webrtc fix patch really solves the issue with BigBlueButton.

Many thanks,

Nico.

CC: (none) => nicolas.salguero

Comment 2 Morgan Leijström 2022-10-23 22:44:08 CEST 
mga8-64, Plasma: short test OK, continue using.
Clean update
Swedish locale
settings and open tabs kept
Surfing, video, bank logins...

CC: (none) => fri

Comment 3 Thomas Andrews 2022-10-24 17:47:11 CEST 
MGA8-64 Plasma, US English, no issues here.

CC: (none) => andrewsfarm

Comment 4 Dave Hodgins 2022-10-26 19:25:55 CEST 
No regressions noticed. Validating the update

Whiteboard: (none) => MGA8-64-OK
CC: (none) => davidwhodgins, sysadmin-bugs
Keywords: (none) => validated_update

Dave Hodgins 2022-10-28 04:04:27 CEST

Keywords: (none) => advisory

Comment 5 Mageia Robot 2022-10-28 08:55:54 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0399.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.