Bug 31741 - testng new security issue CVE-2022-4065
Summary: testng new security issue CVE-2022-4065
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2023-03-30 23:15 CEST by David Walser
Modified: 2023-07-07 07:56 CEST

See Also:
Source RPM: testng-7.4.0-5.mga9.src.rpm
CVE:
Status comment:


Description David Walser 2023-03-30 23:15:16 CEST
SUSE has issued an advisory today (March 30):
https://lists.suse.com/pipermail/sle-security-updates/2023-March/014264.html

The issue is fixed upstream in 7.7.0:
https://github.com/cbeust/testng/releases/tag/7.7.0

Mageia 8 is also affected.

David Walser 2023-03-30 23:15:45 CEST

Status comment: (none) => Fixed upstream in 7.7.0
Whiteboard: (none) => MGA8TOO

Comment 1 Marja Van Waes 2023-04-02 10:57:32 CEST
Assigning to the registered testng maintainer

Assignee: bugsquad => mageia
CC: (none) => marja11

Comment 2 David GEIGER 2023-07-02 08:21:27 CEST
Patch added for both mga8 and cauldron!

CC: (none) => geiger.david68210

Comment 3 David GEIGER 2023-07-02 08:22:52 CEST
Assigning to QA,

Packages in 8/Core/Updates_testing:
======================
testng-javadoc-6.14.3-4.1.mga8.noarch.rpm
testng-6.14.3-4.1.mga8.noarch.rpm

From SRPMS:
testng-6.14.3-4.1.mga8.src.rpm

Assignee: mageia => qa-bugs
Status comment: Fixed upstream in 7.7.0 => (none)

Comment 4 David GEIGER 2023-07-03 05:06:10 CEST
testng moved to Core/Release for cauldron!

Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)

Comment 5 Herman Viaene 2023-07-03 15:42:07 CEST
MGA8-64 MATE on Acer Aspire 5253
No installation issues.
Developer's territory, OK on clean install.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Comment 6 Thomas Andrews 2023-07-06 02:00:39 CEST
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2023-07-06 22:43:42 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 7 Mageia Robot 2023-07-07 07:56:30 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0220.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

