Debian-LTS has issued an advisory on January 31:
https://www.debian.org/lts/security/2023/dla-3296
Our package has the wrong version, it says 1.60 when it's 1.06.
Mageia 8 is also affected.
Status comment: (none) => Patch available from upstream and Debian
Whiteboard: (none) => MGA8TOO
Assigning to the Perl maintainers
CC: (none) => marja11
Assignee: bugsquad => perl
Debian has issued an advisory for this on February 5: https://www.debian.org/security/2023/dsa-5339
Suggested advisory:
========================

The updated package fixes a security vulnerability:

The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes. (CVE-2023-24038)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24038
https://www.debian.org/lts/security/2023/dla-3296
https://www.debian.org/security/2023/dsa-5339
========================

Updated package in core/updates_testing:
========================
perl-HTML-StripScripts-1.60.0-3.1.mga8

from SRPM:
perl-HTML-StripScripts-1.60.0-3.1.mga8.src.rpm

Version: Cauldron => 8
CVE: (none) => CVE-2023-24038
Status: NEW => ASSIGNED
Status comment: Patch available from upstream and Debian => (none)
CC: (none) => nicolas.salguero
Whiteboard: MGA8TOO => (none)
Assignee: perl => qa-bugs
Source RPM: perl-HTML-StripScripts-1.60.0-4.mga9.src.rpm => perl-HTML-StripScripts-1.60.0-3.mga8.src.rpm
MGA8-64 MATE on Acer Aspire 5253.
No installation issues.
Developer's area, so OK on clean install.
Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene
Validating. Advisory in Comment 3.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0096.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED