A security issue in QtSvg: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32573 has a patch: https://download.qt.io/official_releases/qt/5.15/CVE-2023-32573-qtsvg-5.15.diff Note that Qt4 is most likely also affected. Mageia 8 is also affected.
CC: (none) => smelrorWhiteboard: (none) => MGA8TOO
Done for both mga8 and Cauldron! Note that there is no qtsvg6 package for mga8.
CC: (none) => geiger.david68210
(In reply to David GEIGER from comment #1) > Done for both mga8 and Cauldron! > > Note that there is no qtsvg6 package for mga8. Thanks, did you check Qt4? Our previous qtsvg security updates have affected that too.
Mageia 8 updated packages for qtsvg5: qtsvg5-doc-5.15.2-1.2.mga8 libqt5svg5-5.15.2-1.2.mga8 libqt5svg-devel-5.15.2-1.2.mga8 qtsvg5-5.15.2-1.2.mga8 from qtsvg5-5.15.2-1.2.mga8.src.rpm
Status comment: (none) => qt4 may also be affected, to be checked
Blocks: (none) => 29913
Fixed for both cauldron and mga8 in bug 29913!
Assigning to QA.
Assignee: kde => qa-bugs
Just noting here that you did indeed patch qt4 for this issue. We don't assign two bugs to QA for the same update(s), so assigning this back to the KDE team and we'll handle this update in Bug 29913. When that bug is closed, we'll close this one.
Status comment: qt4 may also be affected, to be checked => (none)Summary: qtsvg5, qtsvg6 new security issue CVE-2023-32573 => qt4, qtsvg5, qtsvg6 new security issue CVE-2023-32573Assignee: qa-bugs => kde
Depends on: (none) => 29913Blocks: 29913 => (none)
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0231.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED