33205 – stb new security issue CVE-2023-45681 / CVE-2023-47212

Bug 33205 - stb new security issue CVE-2023-45681 / CVE-2023-47212

Summary: stb new security issue CVE-2023-45681 / CVE-2023-47212

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	9
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA9-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2024-05-13 15:41 CEST by Nicolas Salguero
Modified:	2024-05-22 01:18 CEST (History)
CC List:	3 users (show)

See Also:
Source RPM:	stb-0-0.git20240213.1.mga10.src.rpm
CVE:	CVE-2023-45681, CVE-2023-47212
Status comment:	Patch available from Fedora

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2024-05-13 15:41:43 CEST

Fedora has issued an advisory on May 11:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHQQXX27ACLLYUQHWSL3DVCOGUK5ZA4/

Mageia 9 is also affected.

The fix is: https://src.fedoraproject.org/rpms/stb/raw/964fb3861ef6c418ef0f189b9cc047aabf83f16c/f/1559.patch

Nicolas Salguero 2024-05-13 15:42:18 CEST

Whiteboard: (none) => MGA9TOO
CVE: (none) => CVE-2023-45681, CVE-2023-47212
Status comment: (none) => Patch available from Fedora
Source RPM: (none) => stb-0-0.git20240213.1.mga10.src.rpm

Comment 1 Lewis Smith 2024-05-16 20:57:32 CEST

No one packager in view, assigning this globally.

Assignee: bugsquad => pkg-bugs

Comment 2 David GEIGER 2024-05-17 16:02:24 CEST

Assigning to the registered maintainer!

CC: (none) => geiger.david68210
Assignee: pkg-bugs => smelror

Comment 3 David GEIGER 2024-05-18 07:52:00 CEST

Fixed for Cauldron and mga9 too!


Assigning to QA,


Packages in 9/Core/Updates_testing:
======================
stb-devel-0-0.git20230129.4.1.mga9.noarch.rpm


From SRPMS:
stb-0-0.git20230129.4.1.mga9.src.rpm

Whiteboard: MGA9TOO => (none)
Assignee: smelror => qa-bugs
Version: Cauldron => 9

katnatek 2024-05-18 19:11:29 CEST

Keywords: (none) => advisory

Comment 4 Thomas Andrews 2024-05-19 01:34:15 CEST

This is described as "single-file public domain libraries for C/C++" and urpmq doesn't come up with anything that requires it.

MGA9-64 Plasma in VirtualBox. Installed without issues, updated using qarepo, also without issues. Removed it, also without issues.

This is developer stuff. Validating on the clean install.

Whiteboard: (none) => MGA9-64-OK
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 5 Mageia Robot 2024-05-22 01:18:24 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0186.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.