Bug 14062

Summary: [CVE21] e2fsprogs 1.46.5 CVEs
Product: [ROSA-based products] ROSA Fresh Reporter: Vladimir Potapov <v.potapov>
Component: Preinstalled software in the ISOAssignee: ROSA Linux Bugs <bugs>
Status: VERIFIED FIXED QA Contact: ROSA Linux Bugs <bugs>
Severity: critical    
Priority: Highest CC: a.proklov, pastordidi
Version: AllFlags: v.potapov: qa_verified+
v.potapov: secteam_verified?
a.proklov: published+
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: CVE-2022-1304
Whiteboard:
Platform: --- ROSA Vulnerability identifier:
RPM Package: ISO-related:
Bad POT generating: Upstream:

Description Vladimir Potapov 2023-11-29 15:05:52 MSK 
https://nvd.nist.gov/vuln/detail/CVE-2022-1304 Base Score: 7.8 HIGH
Comment 1 Aleksandr Proklov 2023-11-30 03:14:29 MSK 
уязвимость закрыта обновлением версии, патча нет.

e2fsprogs	1.46.6-1

https://abf.io/build_lists/4843289
https://abf.io/build_lists/4843290
https://abf.io/build_lists/4843291
https://abf.io/build_lists/4843292
https://abf.io/build_lists/4843293
Comment 2 Dmitry Postnikov 2023-12-01 22:19:15 MSK 
riscv64 сборка не собралась

*****************************
Обновление отослано в Тестинг
Comment 3 Vladimir Potapov 2023-12-05 11:11:45 MSK 
e2fsprogs-1.46.6-1
https://abf.io/build_lists/4843289
https://abf.io/build_lists/4843290
https://abf.io/build_lists/4843291
https://abf.io/build_lists/4843292
https://abf.io/build_lists/4843293
********************* Advisory ********************
CVE close by version update
***************************************************
QA Verified