33995 – simgear and flightgear new security issue CVE-2025-0781

Bug 33995 - simgear and flightgear new security issue CVE-2025-0781

Summary: simgear and flightgear new security issue CVE-2025-0781

Status:	NEW

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Chris Denice
QA Contact:	Sec team

URL:
Whiteboard:	MGA9TOO
Keywords:

Depends on:
Blocks:

Reported:	2025-02-07 15:34 CET by Nicolas Salguero
Modified:	2025-02-10 10:10 CET (History)
CC List:	0 users

See Also:
Source RPM:	simgear-2024.1.1-2.rc4.2.mga10.src.rpm, flightgear-2024.1.1-2.rc4.2.mga10.src.rpm, simgear-2020.3.19-1.mga9.src.rpm, flightgear-2020.3.19-1.mga9.src.rpm
CVE:	CVE-2025-0781
Status comment:	Patches available from Fedora and upstream

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2025-02-07 15:34:10 CET

Fedora has issued advisories on February 7:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42FGGQPT2M5V5Q7UL5ZBDHAHATBFZHPB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EY5GKUGHTYXGWJFEYFMNGJ5OOPNH73NS/

Nicolas Salguero 2025-02-07 15:35:36 CET

Status comment: (none) => Patches available from Fedora
CVE: (none) => CVE-2025-0781
Source RPM: (none) => simgear-2020.3.19-1.mga9.src.rpm, flightgear-2020.3.19-1.mga9.src.rpm

Comment 1 Nicolas Salguero 2025-02-07 15:38:24 CET

Fixes for Cauldron:
https://gitlab.com/flightgear/simgear/-/commit/5bb023647114267141a7610e8f1ca7d6f4f5a5a8 (simgear)
https://gitlab.com/flightgear/flightgear/-/commit/ad37afce28083fad7f79467b3ffdead753584358 (flightgear)

Version: 9 => Cauldron
Whiteboard: (none) => MGA9TOO
Status comment: Patches available from Fedora => Patches available from Fedora and upstream

Nicolas Salguero 2025-02-07 15:38:55 CET

Source RPM: simgear-2020.3.19-1.mga9.src.rpm, flightgear-2020.3.19-1.mga9.src.rpm => simgear-2024.1.1-2.rc4.2.mga10.src.rpm, flightgear-2024.1.1-2.rc4.2.mga10.src.rpm, simgear-2020.3.19-1.mga9.src.rpm, flightgear-2020.3.19-1.mga9.src.rpm

Comment 2 Lewis Smith 2025-02-09 19:58:15 CET

It looks as if ChrisD is still updating these packages, so assigning this bug to you.

Assignee: bugsquad => eatdirt

Comment 3 Chris Denice 2025-02-10 10:10:35 CET

Yes, this is quite a minor CVE, no escalation above user's privileges.
I'll push an update!

thanks.

Note You need to log in before you can comment on or make changes to this bug.