Fedora has issued an advisory on March 7: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZTPXEPTMASG37NDGAQMH2OTM6OPIP5A/ The issue is fixed in version 2.15. It seems libell needs to be updated to 0.63 as well: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O6UR2NSS46QBO2JH6NBEENZYU4PV7IH5/
Source RPM: (none) => iwd, libellCVE: (none) => CVE-2023-52161
Does this apply also to Mageia 9? If so, pleas add MGA9TOO Whiteboard. We do not have iwd v2.15, but more recent 2.16 in Cauldron. For M9, I think the pkg is 'lib64ell0' in SRPM 'ell-0.55-1.mga9.src.rpm'. Cauldron shows we already (just) have version 0.63. Exceptionally assigning this to wally, who did all recent updates for both SRPMS.
Assignee: bugsquad => jani.valimaaStatus comment: (none) => fixed in iwd version 2.15; need also libell 0.63
(In reply to Lewis Smith from comment #1) > Does this apply also to Mageia 9? If so, pleas add MGA9TOO Whiteboard. > > We do not have iwd v2.15, but more recent 2.16 in Cauldron. > > For M9, I think the pkg is 'lib64ell0' in SRPM 'ell-0.55-1.mga9.src.rpm'. > Cauldron shows we already (just) have version 0.63. > > Exceptionally assigning this to wally, who did all recent updates for both > SRPMS. Mageia 9 not affected as iwd was imported only after mga9 was released and cauldron reopened.
Source RPM: iwd, libell => iwd, ellStatus comment: fixed in iwd version 2.15; need also libell 0.63 => fixed in iwd version 2.15; need also ell 0.63
Closing as FIXED. In Cauldron we already have: iwd-2.16-1.mga10 ell-0.63-1.mga10
Resolution: (none) => FIXEDStatus: NEW => RESOLVED