31674 – hotspot new security issue CVE-2023-28144

Bug 31674 - hotspot new security issue CVE-2023-28144

Summary: hotspot new security issue CVE-2023-28144

Status:	RESOLVED OLD

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	8
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Rémi Verschelde
QA Contact:	Sec team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2023-03-14 16:30 CET by David Walser
Modified:	2024-01-12 10:39 CET (History)
CC List:	2 users (show)

See Also:
Source RPM:	hotspot-1.3.0-3.mga9.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2023-03-14 16:30:46 CET

A security issue in hotspot has been announced today (March 14):
https://www.openwall.com/lists/oss-security/2023/03/14/8

It sounds like the vulnerability isn't fully exposed until version 1.4.1, but the initial basis for it is present in 1.3.0.

We should at least patch it for Cauldron and commit the patch to Mageia 8 SVN.

Comment 1 Lewis Smith 2023-03-14 20:59:24 CET

Hotspot is down to Rémi, so assigning this to you.

Assignee: bugsquad => rverschelde

Comment 2 David GEIGER 2023-07-02 10:37:15 CEST

hotspot 1.4.1 is on cauldron!

CC: (none) => geiger.david68210
Version: Cauldron => 8

Comment 3 David Walser 2023-07-02 14:41:37 CEST

Version 1.4.1 exposes the issue, it doesn't fix it.

Version: 8 => Cauldron

Comment 4 David GEIGER 2023-07-02 20:08:54 CEST

I already added the patch to fix this security issue:
https://github.com/KDAB/hotspot/commit/65a246ce9196462081483fd07d97678dcfe36b9c

https://svnweb.mageia.org/packages?view=revision&revision=1950151

Version: Cauldron => 8

Comment 5 Nicolas Salguero 2024-01-12 10:39:11 CET

Mageia 8 EOL

Status: NEW => RESOLVED
CC: (none) => nicolas.salguero
Resolution: (none) => OLD

Note You need to log in before you can comment on or make changes to this bug.