Bug 14117

Summary:	CVE 21] leptonica 1.79.0 CVEs found - 2
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Vladimir Potapov <v.potapov>
Component:	Packages from Main	Assignee:	ROSA Linux Bugs <bugs>
Status:	VERIFIED FIXED	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	blocker
Priority:	Highest	CC:	a.proklov, e.malashin, i.gaptrakhmanov
Version:	All	Flags:	v.potapov: qa_verified+ v.potapov: secteam_verified? a.proklov: published+
Target Milestone:	---
Hardware:	All
OS:	Linux
Whiteboard:
Platform:	---	ROSA Vulnerability identifier:
RPM Package:		ISO-related:
Bad POT generating:		Upstream:

Description Vladimir Potapov 2023-12-06 11:41:33 MSK

https://nvd.nist.gov/vuln/detail/CVE-2020-36277 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2020-36278 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2020-36281 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2020-36279 exploit!

Comment 1 ilfat 2023-12-06 12:36:35 MSK

******** QA ADVISORY ********

CVEs fixed by update

# leptonica 1.82.0-1
https://abf.rosalinux.ru/build_lists/4858135 i686
https://abf.rosalinux.ru/build_lists/4858136 x86_64
https://abf.rosalinux.ru/build_lists/4858137 aarch64
https://abf.rosalinux.ru/build_lists/4858138 riscv64
https://abf.rosalinux.ru/build_lists/4858139 e2kv4

Comment 2 e.malashin@rosalinux.ru 2023-12-07 17:20:04 MSK

The update sent to testings

Comment 3 Vladimir Potapov 2023-12-14 11:54:27 MSK

leptonica-1.82.0-1
https://abf.rosalinux.ru/build_lists/4858135 i686
https://abf.rosalinux.ru/build_lists/4858136 x86_64
https://abf.rosalinux.ru/build_lists/4858137 aarch64
https://abf.rosalinux.ru/build_lists/4858138 riscv64
https://abf.rosalinux.ru/build_lists/4858139 e2kv4
******************************* Advisory ***********************
CVEs fixed by update
****************************************************************
QA Verified