Security issues in c-ares have been announced on May 22: https://www.openwall.com/lists/oss-security/2023/05/22/2 The issues are fixed upstream in 1.19.1: https://c-ares.org/changelog.html https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOOStatus comment: (none) => Fixed upstream in 1.19.1
This SRPM is done by various people, so assigning this update globally. CC'ing MikeR who put up version 1.19.0.
Assignee: bugsquad => pkg-bugsCC: (none) => mhrambo3501
Hi, Freeze move requested for c-ares-1.19.1-1.mga9. Best regards, Nico.
Version: Cauldron => 8Whiteboard: MGA8TOO => (none)CC: (none) => nicolas.salguero
RedHat has issued an advisory for CVE-2023-32067 today (June 14): https://access.redhat.com/errata/RHSA-2023:3584
Debian has issued an advisory for CVE-2023-31130 and CVE-2023-32067 on June 7: https://www.debian.org/security/2023/dsa-5419
Ubuntu has issued an advisory for CVE-2023-31130, CVE-2023-32067 on June 14: https://ubuntu.com/security/notices/USN-6164-1
Mageia 8 EOL
Status: NEW => RESOLVEDResolution: (none) => OLD