Bug 31493 - sofia-sip new security issue CVE-2023-22741
Summary: sofia-sip new security issue CVE-2023-22741
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2023-02-01 17:34 CET by David Walser
Modified: 2023-02-07 01:09 CET (History)
4 users (show)

See Also:
Source RPM: sofia-sip-1.12.11-10.1.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2023-02-01 17:34:27 CET 
Debian-LTS has issued an advisory on January 29:
https://www.debian.org/lts/security/2023/dla-3292

The issue is fixed upstream in 1.13.11:
https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54
Comment 1 David GEIGER 2023-02-04 09:40:00 CET 
Done for mga8, adding upstream patch!

CC: (none) => geiger.david68210

Comment 2 David Walser 2023-02-04 15:56:12 CET 
libsofia-sip-devel-1.12.11-10.2.mga8
libsofia-sip0-1.12.11-10.2.mga8
sofia-sip-1.12.11-10.2.mga8
libsofia-sip-static-devel-1.12.11-10.2.mga8

sofia-sip-1.12.11-10.2.mga8.src.rpm

Assignee: kde => qa-bugs

Comment 3 Thomas Andrews 2023-02-05 00:41:20 CET 
No installation issues. Tested as in bug 30806 Comment 5 with no issues noted, though the test is far from thorough.

Giving this an OK, and validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: (none) => MGA8-64-OK

Dave Hodgins 2023-02-06 21:04:43 CET

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 4 Mageia Robot 2023-02-07 01:09:01 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0040.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.