Bug 14119

Summary:	[CVE 21] libde265 CVEs
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Vladimir Potapov <v.potapov>
Component:	Preinstalled software in the ISO	Assignee:	ROSA Linux Bugs <bugs>
Status:	VERIFIED FIXED	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	blocker
Priority:	Highest	CC:	a.proklov, e.malashin, s.matveev
Version:	All	Flags:	v.potapov: qa_verified+ v.potapov: secteam_verified? a.proklov: published+
Target Milestone:	2021.1 Fresh R12
Hardware:	All
OS:	Linux
Whiteboard:
Platform:	2021.1	ROSA Vulnerability identifier:
RPM Package:		ISO-related:
Bad POT generating:		Upstream:

Description Vladimir Potapov 2023-12-06 13:44:46 MSK

https://nvd.nist.gov/vuln/detail/CVE-2021-36410 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2021-35452 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2021-36411 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2021-36408 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-43235 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-43240 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-43243 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-43239 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-43242 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-43252 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-43249 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-43250 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-43244 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-43253 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-43248 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-43245 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-43236 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-43237 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-43238 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-43241 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2021-36409 exploit!

Comment 1 Svyatoslav Matveev 2023-12-07 00:14:03 MSK

********** QA ADVISORY **********

Уязвимости закрыты обновлением,
судя по ссылкам обновленную версию не затрагивает.

*** libde265
**  1.0.8 .. 1.0.14 (merge rosa2023.1)

https://abf.io/build_lists/4858369
https://abf.io/build_lists/4858370
https://abf.io/build_lists/4858371
https://abf.io/build_lists/4858372
https://abf.io/build_lists/4858373

Зависит от libde265

*** libheif
**  rebuild 1.12.0 release +1

https://abf.io/build_lists/4858378
https://abf.io/build_lists/4858379
https://abf.io/build_lists/4858380
https://abf.io/build_lists/4858381
https://abf.io/build_lists/4858382

Comment 2 e.malashin@rosalinux.ru 2023-12-07 13:42:57 MSK

The update sent to testings

Comment 3 Vladimir Potapov 2023-12-14 16:53:32 MSK

libde265-1.0.14-1
https://abf.io/build_lists/4858369
https://abf.io/build_lists/4858370
https://abf.io/build_lists/4858371
https://abf.io/build_lists/4858372
https://abf.io/build_lists/4858373

libheif-1.12.0-4
https://abf.io/build_lists/4858378
https://abf.io/build_lists/4858379
https://abf.io/build_lists/4858380
https://abf.io/build_lists/4858381
https://abf.io/build_lists/4858382
******************************* Advisory *********************
CVE closed by update
**************************************************************
QA Verified