32034 – glib2.0 new security issues CVE-2023-32636 and CVE-2023-32643

Bug 32034 - glib2.0 new security issues CVE-2023-32636 and CVE-2023-32643

Summary: glib2.0 new security issues CVE-2023-32636 and CVE-2023-32643

Status:	RESOLVED DUPLICATE of bug 31805

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	8
Hardware:	All Linux

Priority:	Normal Severity: major
Target Milestone:	---
Assignee:	All Packagers
QA Contact:	Sec team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2023-06-20 15:11 CEST by David Walser
Modified:	2023-07-09 19:54 CEST (History)
CC List:	2 users (show)

See Also:
Source RPM:	glib2.0-2.66.8-1.mga8.src.rpm
CVE:
Status comment:	Patches available from upstream and Ubuntu

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2023-06-20 15:11:51 CEST

Ubuntu has issued an advisory on June 14:
https://ubuntu.com/security/notices/USN-6165-1

David Walser 2023-06-20 15:12:03 CEST

Status comment: (none) => Patches available from upstream and Ubuntu

Comment 1 Lewis Smith 2023-06-20 20:31:56 CEST

This version of the software was commited over 2y ago by Olav, who did version updates to 2.72.3. Since then tv has done a couple. Unsure to whom to assign this, so doing so globally; CC'ing these two packagers.

Assignee: bugsquad => pkg-bugs
CC: (none) => olav, thierry.vignaud

Comment 2 Jani Välimaa 2023-07-09 19:02:32 CEST

IINM CVE-2023-32636 and CVE-2023-32643 were fixed when a fix for CVE-2023-24593 (bug 31805) was released.

https://ubuntu.com/security/CVE-2023-24593

Comment 3 David Walser 2023-07-09 19:54:09 CEST

Indeed.  These CVEs were regressions of the original fix for CVE-2023-24593, but the patch in Bug 31805 included the fixes for those regressions.

*** This bug has been marked as a duplicate of bug 31805 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE

Note You need to log in before you can comment on or make changes to this bug.