Red Hat has issued an advisory for that CVE: https://lwn.net/Articles/952259/
The problem is fixed in version 2.0.8, so Cauldron is not affected, and Mageia 8 is not affected either because the vulnerable code was introduced later.
Source RPM: (none) => libqb-2.0.6-1.mga9.src.rpm
Status comment: (none) => Fixed upstream in 2.0.8
The main pkg is lib64qb100. Cauldron already has v2.0.8. This was put up by DavidG, so can we ask you to do the M9 bit? (+ advisory).
Assignee: bugsquad => geiger.david68210
Assigning to QA,

Package in 9/Core/Updates_testing:
=====================
libqb-devel-2.0.8-1.mga9
lib64qb-devel-2.0.8-1.mga9
doxygen2man-2.0.8-1.mga9
libqb100-2.0.8-1.mga9
lib64qb100-2.0.8-1.mga9

From SRPMS:
libqb-2.0.8-1.mga9.src.rpm
Assignee: geiger.david68210 => qa-bugs
Advisory with the SRPM from comment 2 added to SVN. Please remove the "advisory" keyword if it needs to be changed. It also helps when obsolete advisories are tagged as "obsolete".
CC: (none) => marja11
Keywords: (none) => advisory
CVE: (none) => CVE-2023-39976
MGA9-64 Plasma in VirtualBox: No installation issues over the old packages. No previous updates for doxygen2man. One for libqb, bug 25751, which, apparently after some discussion at a QA meeting, was validated on a clean install. Looking on the Web at doxygen2man, it appears that application is also in developer territory, beyond the scope of QA. So... Giving this an OK and validating, based on the clean install.
Keywords: (none) => validated_update
Whiteboard: (none) => MGA9-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0339.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED