Bug 14190

Summary:	[CVE 21] libde265 CVEs 2
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Vladimir Potapov <v.potapov>
Component:	Packages from Main	Assignee:	ROSA Linux Bugs <bugs>
Status:	VERIFIED FIXED	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	blocker
Priority:	Highest	CC:	a.proklov, s.matveev
Version:	All	Flags:	v.potapov: qa_verified+ v.potapov: secteam_verified? a.proklov: published+
Target Milestone:	2021.1 Fresh R12
Hardware:	All
OS:	Linux
URL:	CVE-2023-49465,CVE-2023-49467,CVE-2023-49468
Whiteboard:
Platform:	2021.1	ROSA Vulnerability identifier:
RPM Package:		ISO-related:
Bad POT generating:		Upstream:

Description Vladimir Potapov 2023-12-29 17:17:09 MSK

https://nvd.nist.gov/vuln/detail/CVE-2023-49465 HIGH EXPLOIT
https://nvd.nist.gov/vuln/detail/CVE-2023-49467 HIGH EXPLOIT
https://nvd.nist.gov/vuln/detail/CVE-2023-49468 HIGH EXPLOIT!

Comment 1 Svyatoslav Matveev 2024-01-09 18:41:47 MSK

********** QA ADVISORY **********

Исправлено наложением патчей.

*** libde265
**  1.0.14 release +1

https://abf.io/build_lists/4951874 (x86_64)
https://abf.io/build_lists/4951875
https://abf.io/build_lists/4951876
https://abf.io/build_lists/4951877
https://abf.io/build_lists/4951878

**** rosa2021.15
*** libde265
**  1.0.14 release +1

https://abf.io/build_lists/4951879
https://abf.io/build_lists/4951880
https://abf.io/build_lists/4951881

Comment 2 Vladimir Potapov 2024-01-15 11:32:35 MSK

(In reply to Svyatoslav Matveev from comment #1)
> ********** QA ADVISORY **********
> 
> Исправлено наложением патчей.
> 
> *** libde265
> **  1.0.14 release +1
> 
> https://abf.io/build_lists/4951874 (x86_64)
> https://abf.io/build_lists/4951875
> https://abf.io/build_lists/4951876
> https://abf.io/build_lists/4951877
> https://abf.io/build_lists/4951878
*******************************************
The update sent to testings


> **** rosa2021.15
> *** libde265
> **  1.0.14 release +1
> 
> https://abf.io/build_lists/4951879
> https://abf.io/build_lists/4951880
> https://abf.io/build_lists/4951881
********************************************
Published

Comment 3 Vladimir Potapov 2024-01-23 11:32:10 MSK

libde265-1.0.14-2
https://abf.io/build_lists/4951874 (x86_64)
https://abf.io/build_lists/4951875
https://abf.io/build_lists/4951876
https://abf.io/build_lists/4951877
https://abf.io/build_lists/4951878
*************************** Advisory **************************
Critical CVEs fixed via patches
***************************************************************
QA Verified