Fedora has issued an advisory on November 10: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2XL7SMW6ESSP2Y6HHRYWW2MMCZSI4LBZ/ The issue is fixed upstream in 1.6.0.
Status comment: (none) => Fixed upstream in 1.6.0
CVE: (none) => CVE-2022-39369
php-pear-CAS-1.6.0-1.mga8 uploaded for Mageia 8 by Marc. Ready for QA?
Status comment: Fixed upstream in 1.6.0 => (none)
yes, didn't have the time to write down the changes.
CC: (none) => mageiaAssignee: mageia => qa-bugs
Updated php-pear-CAS packages fix security vulnerabilities: This update fixes a vulnerability in this lib. For details see [2]. References: [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39369 [2] https://github.com/advisories/GHSA-8q72-6qq8-xv64 [3] https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2XL7SMW6ESSP2Y6HHRYWW2MMCZSI4LBZ/ ======================== Updated packages in core/updates_testing: ======================== php-pear-CAS-1.6.0-1.mga8.noarch.rpm SRPM: php-pear-CAS-1.6.0-1.mga8.src.rpm
MGA8-64 MATE on Acer Aspire 5253 No installation issues This is developer's realm, so as in bug 24367, OK on clean install.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA8-64-OK
Validating. Advisory information in comment 3.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0432.html
Status: NEW => RESOLVEDResolution: (none) => FIXED