Bug 31256 - rabbitmq-server new security issue CVE-2022-31008
Summary: rabbitmq-server new security issue CVE-2022-31008
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: All Packagers
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-12-09 17:46 CET by David Walser
Modified: 2024-03-12 11:37 CET (History)
2 users (show)

See Also:
Source RPM: rabbitmq-server-3.8.18-1.mga8.src.rpm
CVE: CVE-2022-31008
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2022-12-09 17:46:34 CET 
SUSE has issued an advisory on December 8:
https://lists.suse.com/pipermail/sle-security-updates/2022-December/013208.html

The issue is fixed upstream in 3.8.32:
https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-v9gv-xp36-jgj8

Mageia 8 is also affected.
David Walser 2022-12-09 17:46:48 CET

Status comment: (none) => Fixed upstream in 3.8.32
Whiteboard: (none) => MGA8TOO

Comment 2 Marja Van Waes 2022-12-11 23:46:23 CET 
"Nobody" is the maintainer of this package, so assigning to all packagers collectively

Assignee: bugsquad => pkg-bugs
CC: (none) => marja11

Comment 3 Nicolas Salguero 2024-03-12 11:37:13 CET 
Mageia 8 EOL.

CC: (none) => nicolas.salguero
Source RPM: rabbitmq-server-3.8.18-1.mga9.src.rpm => rabbitmq-server-3.8.18-1.mga8.src.rpm
Status comment: Fixed upstream in 3.8.32 => (none)
Status: NEW => RESOLVED
Whiteboard: MGA8TOO => (none)
CVE: (none) => CVE-2022-31008
Version: Cauldron => 8
Resolution: (none) => OLD
Note You need to log in before you can comment on or make changes to this bug.