openSUSE has issued an advisory on May 24: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/55ZLZN7U7KUGQ7YANJIPQP7R7ESP6B3L/ Mageia 9 is also affected.
Source RPM: (none) => qtnetworkauth5, qtnetworkauth6Whiteboard: (none) => MGA9TOOCVE: (none) => CVE-2024-36048Status comment: (none) => Fixed upstream in 5.15.17 and 6.5.6 or 6.7.1 and patches available from openSUSE and upstream
Fixed for Cauldron both qtnetworkauth6 and qtnetworkauth5!
CC: (none) => geiger.david68210
Assigning to QA, Packages in 9/Core/Updates_testing: ====================== libqt5networkauth-devel-5.15.7-1.1.mga9 libqt5networkauth5-5.15.7-1.1.mga9 lib64qt5networkauth-devel-5.15.7-1.1.mga9 lib64qt5networkauth5-5.15.7-1.1.mga9 qtnetworkauth5-doc-5.15.7-1.1.mga9.noarch.rpm libqt6networkauth-devel-6.4.1-1.1.mga9 libqt6networkauth6-6.4.1-1.1.mga9 lib64qt6networkauth-devel-6.4.1-1.1.mga9 lib64qt6networkauth6-6.4.1-1.1.mga9 From SRPMS: qtnetworkauth5-5.15.7-1.1.mga9.src.rpm qtnetworkauth6-6.4.1-1.1.mga9.src.rpm
Assignee: bugsquad => qa-bugsVersion: Cauldron => 9Whiteboard: MGA9TOO => (none)
Keywords: (none) => advisory
Created attachment 14551 [details] Install/Uninstall log RH mageia 9 x86_64 I just test install/uninstall Feel free of test applications that depends on this urpmq --whatrequires-recursive lib64qt5networkauth5|uniq akonadi-kde choqok digikam kaddressbook kalarm kalarm-handbook kalendar kbibtex kdenlive kdepim-addons kmail kmail-handbook knotes knotes-handbook korganizer korganizer-handbook lib64choqok-devel lib64gnusocialapihelper1 lib64kaddressbookprivate5 lib64kbibtex-devel lib64kbibtex0 lib64kpim5addressbookimportexport5 lib64kpimaddressbookimportexport-devel lib64qt5networkauth-devel lib64qt5networkauth5 lib64twitterapihelper1 libkaddressbookprivate5 libkpim5addressbookimportexport5 libkpimaddressbookimportexport-devel mscore python3-qt5-networkauth zanshin urpmq --whatrequires-recursive lib64qt6networkauth6|uniq calibre eric7 lib64qt6networkauth-devel lib64qt6networkauth6 python3-pyside6-networkauth python3-qt6 python3-qt6-devel python3-qt6-networkauth python3-qt6-qscintilla
Give OK in base, a clean install and not additional test by the team
CC: (none) => andrewsfarmWhiteboard: (none) => MGA9-64-OK
MGA9-64 Plasma Wayland on HP-Pavillion No installation issues. Installed mscore and run it under strace, wrote a small score, saved it and found in the trace: openat(AT_FDCWD, "/lib64/libQt5NetworkAuth.so.5", O_RDONLY|O_CLOEXEC) = 3 Installed and run eric7 under strace , run hello world and found in the trace: openat(AT_FDCWD, "/lib64/libQt6Network.so.6", O_RDONLY|O_CLOEXEC) = 3 Should be OK
CC: (none) => herman.viaene
You beat me to it, Herman. I had a few minutes, so I thought I'd try it with Zanshin, described as "A Getting Things Done application which aims at getting your mind like water." Not sure if I like that idea, but I installed and ran it under strace, anyway. Seems to be an app for maintaining a ToDo list. Being of an earlier generation, that's something I've always done with a pad in my pocket. No electronics involved. Anyway, searching the trace showed three times where "/usr/lib64/libQt5Network.so.5.15.7" was invoked, and the application worked as it should (I guess), so that confirms the OK. Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0197.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED