| Summary: | [CVE 21] mosquitto 1.6.12 CVEs found | ||
|---|---|---|---|
| Product: | [ROSA-based products] ROSA Fresh | Reporter: | Yury <y.tumanov> |
| Component: | System (kernel, glibc, systemd, bash, PAM...) | Assignee: | ROSA Linux Bugs <bugs> |
| Status: | VERIFIED FIXED | QA Contact: | ROSA Linux Bugs <bugs> |
| Severity: | critical | ||
| Priority: | High | CC: | a.proklov, m.novosyolov, pastordidi, s.matveev, v.potapov, y.tumanov |
| Version: | All | Flags: | v.potapov:
qa_verified+
y.tumanov: secteam_verified+ a.proklov: published+ |
| Target Milestone: | 2021.1 Fresh R12 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | CVE-2021-34431, CVE-2021-41039, | ||
| Whiteboard: | |||
| Platform: | 2021.1 | ROSA Vulnerability identifier: | |
| RPM Package: | ISO-related: | ||
| Bad POT generating: | Upstream: | ||
| Attachments: | mos1.png | ||
|
Description
Yury
2023-05-03 18:00:45 MSK
Не ява, обновить надо, можно поднять версию. ********** QA ADVISORY ********** Cve закрыты обновлением. Проект cjson перенесен из contrib в main, требуется для сборки mosquitto. *** cjson https://abf.io/build_lists/4442859 https://abf.io/build_lists/4442860 https://abf.io/build_lists/4442858 https://abf.io/build_lists/4442862 https://abf.io/build_lists/4442861 *** mosquitto ** upd: 1.6.12 > 2.0.15 https://abf.io/build_lists/4442866 https://abf.io/build_lists/4442867 https://abf.io/build_lists/4442868 https://abf.io/build_lists/4442869 https://abf.io/build_lists/4442870 Created attachment 5890 [details]
mos1.png
При установке, почему-то тащит либу lib64mosquitto1 изи Майн, старой версии.
(In reply to Dmitry Postnikov from comment #3) > Created attachment 5890 [details] > mos1.png > > При установке, почему-то тащит либу lib64mosquitto1 изи Майн, старой версии. пересобрано ,не должно тащить. https://abf.io/build_lists/4443281 https://abf.io/build_lists/4443282 https://abf.io/build_lists/4443283 https://abf.io/build_lists/4443284 https://abf.io/build_lists/4443285 (In reply to Svyatoslav Matveev from comment #4) > (In reply to Dmitry Postnikov from comment #3) > > Created attachment 5890 [details] > > mos1.png > > > > При установке, почему-то тащит либу lib64mosquitto1 изи Майн, старой версии. > > пересобрано ,не должно тащить. > > https://abf.io/build_lists/4443281 > https://abf.io/build_lists/4443282 > https://abf.io/build_lists/4443283 > https://abf.io/build_lists/4443284 > https://abf.io/build_lists/4443285 У контейнеров 404-я страница. Контейнеры сами починились, или что-то на абф сделали. Проверяю.... *************************** The update sent to testings(In reply to Svyatoslav Matveev from comment #2) > ********** QA ADVISORY ********** > > Cve закрыты обновлением. > > Проект cjson перенесен из contrib в main, > требуется для сборки mosquitto. > > *** cjson > > https://abf.io/build_lists/4442859 > https://abf.io/build_lists/4442860 > https://abf.io/build_lists/4442858 > https://abf.io/build_lists/4442862 > https://abf.io/build_lists/4442861 > > *** mosquitto > ** upd: 1.6.12 > 2.0.15 > > > > https://abf.io/build_lists/4443281 > > https://abf.io/build_lists/4443282 > > https://abf.io/build_lists/4443283 > > https://abf.io/build_lists/4443284 > > https://abf.io/build_lists/4443285 > *************************** The update sent to testings cjson-1.7.15-0.gitb45f48.2 https://abf.io/build_lists/4442859 https://abf.io/build_lists/4442860 https://abf.io/build_lists/4442858 https://abf.io/build_lists/4442862 https://abf.io/build_lists/4442861 mosquitto-2.0.15-2 https://abf.io/build_lists/4443281 https://abf.io/build_lists/4443282 https://abf.io/build_lists/4443283 https://abf.io/build_lists/4443284 https://abf.io/build_lists/4443285 ********************* Advisory ************************** upd: 1.6.12 > 2.0.15 ********************************************************* QA Verified Secteam Verified |