Ubuntu has issued an advisory on July 16: https://ubuntu.com/security/notices/USN-6899-1 Mageia 9 is also affected.
Whiteboard: (none) => MGA9TOOSource RPM: (none) => gtk+3.0-3.24.43-1.mga10.src.rpm, gtk+2.0-2.24.33-5.mga9.src.rpmStatus comment: (none) => Patches available from UbuntuCVE: (none) => CVE-2024-6655
I cannot find the patches. This is the best thing I did find: gtk+2.0_2.24.33.orig.tar.xz https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/gtk+2.0/2.24.33-4ubuntu1.1/gtk+2.0_2.24.33.orig.tar.xz but the equivalent link for GTK+3 went nowhere. They are Ubuntu files anyway. Assigning globally.
Assignee: bugsquad => pkg-bugs
Hi, In Debian and Ubuntu, the "orig" tarballs are the upstream ones. The patches from Debian or Ubuntu are in the "debian" tarballs: https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/gtk+2.0/2.24.33-4ubuntu1.1/gtk+2.0_2.24.33-4ubuntu1.1.debian.tar.xz https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/gtk+3.0/3.24.41-4ubuntu1.1/gtk+3.0_3.24.41-4ubuntu1.1.debian.tar.xz Best regards, Nico.