Bug 14068

Summary:	[CVE21]giflib CVEs
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Vladimir Potapov <v.potapov>
Component:	Packages from Main	Assignee:	ROSA Linux Bugs <bugs>
Status:	VERIFIED FIXED	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	blocker
Priority:	Highest	CC:	a.proklov, e.kosachev, e.malashin, s.matveev
Version:	All	Flags:	v.potapov: qa_verified+ e.kosachev: secteam_verified+ a.proklov: published+
Target Milestone:	2021.1 Fresh R12
Hardware:	All
OS:	Linux
URL:	CVE-2023-39742,CVE-2022-28506
Whiteboard:
Platform:	2021.1	ROSA Vulnerability identifier:
RPM Package:		ISO-related:
Bad POT generating:		Upstream:

Description Vladimir Potapov 2023-11-30 12:41:59 MSK

https://nvd.nist.gov/vuln/detail/CVE-2023-39742 Exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-28506 Exploit!

Comment 1 Svyatoslav Matveev 2023-11-30 14:46:16 MSK

********** QA ADVISORY **********

Закрыто наложением патчей.

*** giflib
**  5.2.1 release +1

https://abf.io/build_lists/4849174
https://abf.io/build_lists/4849175
https://abf.io/build_lists/4849173
https://abf.io/build_lists/4849176
https://abf.io/build_lists/4849177

Comment 2 e.malashin@rosalinux.ru 2023-12-01 17:39:12 MSK

The update sent to testings

Comment 3 Vladimir Potapov 2023-12-04 18:47:06 MSK

giflib-5.2.1-4
https://abf.io/build_lists/4849174
https://abf.io/build_lists/4849175
https://abf.io/build_lists/4849173
https://abf.io/build_lists/4849176
https://abf.io/build_lists/4849177
************************ Advisory **********************
CVE closed by patches
********************************************************
QA Verified

Comment 4 Eduard 2024-06-17 12:09:30 MSK

*******************************************************
Secteam_verified
*******************************************************
https://abf.rosalinux.ru/advisories/ROSA-SA-2024-2434
*******************************************************