Bug 31666 - perl-Cpanel-JSON-XS new security issue fixed upstream in 4.34
Summary: perl-Cpanel-JSON-XS new security issue fixed upstream in 4.34
Status: ASSIGNED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-03-14 02:05 CET by David Walser
Modified: 2023-03-17 17:15 CET

See Also:
Source RPM: perl-Cpanel-JSON-XS-4.250.0-1.mga8.src.rpm
CVE:
Status comment:


Description David Walser 2023-03-14 02:05:02 CET
Fedora has issued an advisory on March 11:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CSD3O3LQSW7QZLM33RFCIW3TFNXLB7QD/

They updated to 4.35 with an additional bug fix (it would be good to update Cauldron).
David Walser 2023-03-14 02:05:15 CET

Status comment: (none) => Fixed upstream in 4.34

Comment 1 Lewis Smith 2023-03-14 20:18:15 CET
Cauldron already has 4.34, but note Luigi's remark about 4.35.
Assigning to tv who did the 4.34 (& earlier) update(s).

Assignee: bugsquad => thierry.vignaud

Comment 2 Nicolas Salguero 2023-03-17 14:48:42 CET
Suggested advisory:
========================

The updated package fixes some bugs including a security vulnerability:

Decoding hash keys without ending ':'.

References:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CSD3O3LQSW7QZLM33RFCIW3TFNXLB7QD/
========================

Updated package in core/updates_testing:
========================
perl-Cpanel-JSON-XS-4.350.0-1.mga8

from SRPM:
perl-Cpanel-JSON-XS-4.350.0-1.mga8.src.rpm

CC: (none) => nicolas.salguero
Assignee: thierry.vignaud => qa-bugs
Status: NEW => ASSIGNED
Status comment: Fixed upstream in 4.34 => (none)

Comment 3 David Walser 2023-03-17 17:15:36 CET
Note that this is still pending a freeze move in Cauldron.
