Bug 14244

Summary: [CVE 21] vorbis-tools 1.4.2 CVE
Product: [ROSA-based products] ROSA Fresh Reporter: Vladimir Potapov <v.potapov>
Component: Packages from MainAssignee: ROSA Linux Bugs <bugs>
Status: VERIFIED FIXED QA Contact: ROSA Linux Bugs <bugs>
Severity: critical    
Priority: Highest CC: a.proklov, e.malashin, s.matveev
Version: AllFlags: v.potapov: qa_verified+
v.potapov: secteam_verified?
a.proklov: published+
Target Milestone: 2021.1 Fresh R12   
Hardware: All   
OS: Linux   
URL: CVE-2023-43361
Whiteboard:
Platform: 2021.1 ROSA Vulnerability identifier:
RPM Package: ISO-related:
Bad POT generating: Upstream:

Description Vladimir Potapov 2024-01-12 16:49:47 MSK 
https://nvd.nist.gov/vuln/detail/CVE-2023-43361 HIGH
Comment 1 Svyatoslav Matveev 2024-01-14 18:34:03 MSK 
********** QA ADVISORY **********

CVE-2023-43361 закрыто патчем.

Upstream fix:
https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/7

*** vorbis-tools
**  1.4.2 release +1

https://abf.io/build_lists/4955407 (x86_64)
https://abf.io/build_lists/4955408
https://abf.io/build_lists/4955406
https://abf.io/build_lists/4955409
https://abf.io/build_lists/4955410

**  rosa2021.15 (опубликовано)
*** vorbis-tools
**  1.4.2 release +1

https://abf.io/build_lists/4955412
https://abf.io/build_lists/4955411
https://abf.io/build_lists/4955413
Comment 2 e.malashin@rosalinux.ru 2024-01-16 14:52:14 MSK 
The update sent to testings
Comment 3 Vladimir Potapov 2024-01-24 09:19:39 MSK 
vorbis-tools-1.4.2-3
https://abf.io/build_lists/4955407 (x86_64)
https://abf.io/build_lists/4955408
https://abf.io/build_lists/4955406
https://abf.io/build_lists/4955409
https://abf.io/build_lists/4955410
************************** Advisory ***********************
CVE closed via patch
***********************************************************
QA Verified