Fedora has issue an advisory on March 24: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25FKUOYXQZGGJMFUM5HJABWMIX2TILRV/ The problem is fixed in version 1.11.2. Mageia 9 is also affected.
CVE: (none) => CVE-2024-22871Whiteboard: (none) => MGA9TOOSource RPM: (none) => clojure-1.11.1-1.mga9.src.rpmStatus comment: (none) => Fixed upstream in 1.11.2
No one packager evident for this SRPM, so assigning globally.
Assignee: bugsquad => pkg-bugs
Suggested advisory: ======================== The updated package fixes a security vulnerability: An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn__5920 function. (CVE-2024-22871) References: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25FKUOYXQZGGJMFUM5HJABWMIX2TILRV/ ======================== Updated package in core/updates_testing: ======================== clojure-1.11.2-1.mga9 from SRPM: clojure-1.11.2-1.mga9.src.rpm
Status: NEW => ASSIGNEDStatus comment: Fixed upstream in 1.11.2 => (none)Assignee: pkg-bugs => qa-bugsWhiteboard: MGA9TOO => (none)Version: Cauldron => 9
Keywords: (none) => advisory
MGA9-64 Plasma Wayland on HP-Pavillion No installation issues. No previous updates or wiki. Googled and found https://clojure.org/guides/repl/basic_usage , so $ clojure Clojure 1.11.2 user=> (+ 2 3) 5 user=> (defn factorial [n] (if (= n 0) 1 (* n (factorial (dec n))))) #'user/factorial#'user/factorial user=> (factorial 10) #'user/factorial 3628800 So good enough for me
CC: (none) => herman.viaeneWhiteboard: (none) => MGA9-64-OK
Validating.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0093.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED