Bug 14170

Summary:	[CVE 21] re2c CVE
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Vladimir Potapov <v.potapov>
Component:	Packages from Main	Assignee:	ROSA Linux Bugs <bugs>
Status:	VERIFIED FIXED	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	blocker
Priority:	Highest	CC:	a.proklov, pastordidi, s.matveev
Version:	All	Flags:	v.potapov: qa_verified+ v.potapov: secteam_verified? a.proklov: published+
Target Milestone:	2021.1 Fresh R12
Hardware:	All
OS:	Linux
URL:	CVE-2022-23901
Whiteboard:
Platform:	2021.1	ROSA Vulnerability identifier:
RPM Package:		ISO-related:
Bad POT generating:		Upstream:

Description Vladimir Potapov 2023-12-21 17:27:30 MSK

https://nvd.nist.gov/vuln/detail/CVE-2022-23901 critical exploit!

Comment 1 Svyatoslav Matveev 2024-01-09 20:46:40 MSK

********** QA ADVISORY **********

CVE закрыто повышением версии.

Ссылки на исправления CVE-2022-23901:
https://github.com/skvadrik/re2c/commit/a3473fd7be829cb33907cb08612f955133c70a96
https://github.com/skvadrik/re2c/commit/039c18949190c5de5397eba504d2c75dad2ea9ca


*** re2c
**  upd: 2.2 .. 3.1

https://abf.io/build_lists/4951947 (x86_64)
https://abf.io/build_lists/4951948
https://abf.io/build_lists/4951949
https://abf.io/build_lists/4951950
https://abf.io/build_lists/4951951

**** rosa2021.15
*** re2c
**  upd: 2.2 .. 3.1

https://abf.io/build_lists/4951952
https://abf.io/build_lists/4951953
https://abf.io/build_lists/4951954

Comment 2 Dmitry Postnikov 2024-01-16 11:09:25 MSK

*****************************
Обновление отослано в Тестинг и опубликованно в 2021.15

Comment 3 Vladimir Potapov 2024-01-23 10:40:10 MSK

re2c-3.1-1
https://abf.io/build_lists/4951947 (x86_64)
https://abf.io/build_lists/4951948
https://abf.io/build_lists/4951949
https://abf.io/build_lists/4951950
https://abf.io/build_lists/4951951
****************************** Advisory **************************
CVE closed by version update
******************************************************************
QA Verified