Fedora has issued an advisory today (March 30):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CKIMUQATTY7VMFMU2DEKO4TBILZ5Q4CT/

The issues in the Fedora advisory (plus CVE-2022-36039) are fixed upstream in 0.4.1:
https://github.com/rizinorg/rizin/releases/tag/v0.4.1
https://github.com/rizinorg/rizin/security/advisories/GHSA-pr85-hv85-45pg
https://github.com/rizinorg/rizin/security/advisories/GHSA-h897-rhm9-rpmw
https://github.com/rizinorg/rizin/security/advisories/GHSA-2c7m-2f37-mr5m
https://github.com/rizinorg/rizin/security/advisories/GHSA-pf72-jg54-8gvp
https://github.com/rizinorg/rizin/security/advisories/GHSA-rjhv-mj4g-j4p5
https://github.com/rizinorg/rizin/security/advisories/GHSA-mqcj-82c6-gh5q

Upstream has also released 0.5.2, fixing CVE-2023-27590:
https://github.com/rizinorg/rizin/releases/tag/v0.5.2
https://github.com/rizinorg/rizin/security/advisories/GHSA-rqcp-m8m2-jcqf

Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 0.5.2
Whiteboard: (none) => MGA8TOO
Assigning to the registered rizin maintainer
Assignee: bugsquad => mageia
CC: (none) => marja11
Release 0.5.2 is in cauldron/testing
CC: (none) => yves.brungard_mageia
I presume that radare2-cutter has to be rebuilt for lib64rizin0.
Fixed for cauldron now!
CC: (none) => geiger.david68210
Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8
Mageia 8 EOL
CC: (none) => nicolas.salguero
Resolution: (none) => OLD
Status: NEW => RESOLVED