Bug 31231 - libxml2 new security issue CVE-2022-2309
Summary: libxml2 new security issue CVE-2022-2309
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: David Walser
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on: 31810
Blocks:
  Show dependency treegraph
 
Reported: 2022-12-06 17:55 CET by David Walser
Modified: 2023-05-06 22:21 CEST (History)
1 user (show)

See Also:
Source RPM: libxml2-2.9.10-7.6.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2022-12-06 17:55:00 CET 
Ubuntu has issued an advisory on December 5:
https://ubuntu.com/security/notices/USN-5760-1

We already fixed the issue in python-lxml in Bug 30772, so I don't think pushing an update for libxml2 is necessary at this time, but I have committed the patch in Mageia 8 SVN.  It can go out with any subsequent libxml2 update in the future.
Comment 1 Lewis Smith 2022-12-06 20:06:18 CET 
Thanks for your pre-emptive work.
So can we close this?

CC: (none) => lewyssmith

Comment 2 David Walser 2022-12-06 20:36:14 CET 
No, as the update isn't pushed.  I'll just leave this bug open until there's a need to push an update for another libxml2 issue.
Comment 3 Lewis Smith 2022-12-06 20:49:35 CET 
Assign to ? I do not like leaving things hanging about with Bugsquad, but if you so wish, so be it.
Comment 4 David Walser 2022-12-06 21:01:06 CET 
I guess I'll take it for now and assign it to pkg-bugs when something else needs to be done.

Assignee: bugsquad => luigiwalser

Comment 5 Lewis Smith 2022-12-06 21:21:43 CET 
Kind!
David Walser 2023-04-18 13:44:15 CEST

Depends on: (none) => 31810

Comment 6 David Walser 2023-05-06 22:21:00 CEST 
Fixed in:
https://advisories.mageia.org/MGASA-2023-0157.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.