Fedora has issued an advisory on September 29: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B5ZS2THGMPX2CG2C7OVYS5F7REKYJYJ/
Source RPM: (none) => cjson-1.7.15-2.1.mga9.src.rpmCVE: (none) => CVE-2024-31755
Suggested advisory: ======================== The updated packages fix a security vulnerability: cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c. (CVE-2024-31755) References: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B5ZS2THGMPX2CG2C7OVYS5F7REKYJYJ/ ======================== Updated packages in core/updates_testing: ======================== lib(64)cjson1-1.7.15-2.2.mga9 lib(64)cjson-devel-1.7.15-2.2.mga9 from SRPM: cjson-1.7.15-2.2.mga9.src.rpm
Assignee: bugsquad => qa-bugsStatus: NEW => ASSIGNED
Keywords: (none) => advisory
RH x86_64 LC_ALL=C urpmi --auto --auto-update adding 2 new rpms not available in existing hdlist replacing /var/cache/urpmi/partial/synthesis.hdlist.cz with synthesis.hdlist.cz.tmp updating /var/cache/urpmi/partial/MD5SUM updated medium "QA Testing (64-bit)" medium "Core Release (distrib1)" is up-to-date medium "Core Updates (distrib3)" is up-to-date medium "Nonfree Release (distrib11)" is up-to-date medium "Nonfree Updates (distrib13)" is up-to-date medium "Tainted Release (distrib21)" is up-to-date medium "Tainted Updates (distrib23)" is up-to-date medium "Core 32bit Release (distrib31)" is up-to-date medium "Core 32bit Updates (distrib32)" is up-to-date medium "Nonfree 32bit Release (distrib36)" is up-to-date medium "Nonfree 32bit Updates (distrib37)" is up-to-date medium "Tainted 32bit Release (distrib41)" is up-to-date medium "Tainted 32bit Updates (distrib42)" is up-to-date medium "BDK-Free-x86_64" is up-to-date medium "BDK-Free-noarch" is up-to-date medium "BDK-NonFree-x86_64" is up-to-date installing lib64cjson-devel-1.7.15-2.2.mga9.x86_64.rpm lib64cjson1-1.7.15-2.2.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################## 1/2: lib64cjson1 ################################################################################################## 2/2: lib64cjson-devel ################################################################################################## 1/2: removing lib64cjson-devel-1.7.15-2.1.mga9.x86_64 ################################################################################################## 2/2: removing lib64cjson1-1.7.15-2.1.mga9.x86_64 ################################################################################################## writing /var/lib/rpm/installed-through-deps.list Not sure of how to test cve, and was considered developers territoty in previous update
CC: (none) => andrewsfarmWhiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0324.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED