Bug 14149

Summary:	[CVE 21] openjpeg2 2.4.0 CVE
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Vladimir Potapov <v.potapov>
Component:	Preinstalled software in the ISO	Assignee:	ROSA Linux Bugs <bugs>
Status:	VERIFIED FIXED	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	blocker
Priority:	Highest	CC:	a.proklov, pastordidi
Version:	All	Flags:	v.potapov: qa_verified+ v.potapov: secteam_verified? a.proklov: published+
Target Milestone:	---
Hardware:	All
OS:	Linux
URL:	CVE-2022-1122,CVE-2021-29338
Whiteboard:
Platform:	---	ROSA Vulnerability identifier:
RPM Package:		ISO-related:
Bad POT generating:		Upstream:

Description Vladimir Potapov 2023-12-11 11:41:40 MSK

https://nvd.nist.gov/vuln/detail/CVE-2022-1122 medium
https://nvd.nist.gov/vuln/detail/CVE-2021-3575 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2021-29338 exploit!

Comment 1 Aleksandr Proklov 2023-12-12 04:36:12 MSK

CVE-2021-3575 все еще не закрыта в апстриме https://github.com/uclouvain/openjpeg/issues/1347 черновой патч я не буду использовать.

CVE-2022-1122 - закрыта патчем
CVE-2021-29338 - закрыта патчем

openjpeg2	2.4.0-3

https://abf.io/build_lists/4885485
https://abf.io/build_lists/4885486 х64
https://abf.io/build_lists/4885487
https://abf.io/build_lists/4885488
https://abf.io/build_lists/4885489

Comment 2 Dmitry Postnikov 2023-12-12 18:21:33 MSK

*****************************
Обновление отослано в Тестинг

Comment 3 Vladimir Potapov 2023-12-14 16:51:59 MSK

openjpeg2-2.4.0-3
https://abf.io/build_lists/4885485
https://abf.io/build_lists/4885486 х64
https://abf.io/build_lists/4885487
https://abf.io/build_lists/4885488
https://abf.io/build_lists/4885489
************************** Advisory ***********************
CVE closed by patches
***********************************************************
QA Verified