Bug 14411

Summary:	[CVE 21] libtiff CVEs found
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Arsenii <a.konovalov>
Component:	Contributed Packages	Assignee:	ROSA Linux Bugs <bugs>
Status:	CONFIRMED ---	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	major
Priority:	Normal	CC:	a.proklov, s.matveev
Version:	All	Flags:	a.konovalov: secteam_verified?
Target Milestone:	---
Hardware:	All
OS:	Linux
Whiteboard:
Platform:	2021.1	ROSA Vulnerability identifier:
RPM Package:		ISO-related:
Bad POT generating:		Upstream:

Description Arsenii 2024-04-11 12:40:53 MSK

https://nvd.nist.gov/vuln/detail/CVE-2023-3164 MEDIUM
https://nvd.nist.gov/vuln/detail/CVE-2023-52355 HIGH

Comment 1 Svyatoslav Matveev 2024-04-11 14:21:04 MSK

CVE-2023-3164 игнорируется.

Доп. информация:
https://gitlab.com/freedesktop-sdk/freedesktop-sdk/-/merge_requests/18440/diffs?commit_id=c159ac82e2fb4b31fa1ecae0c865070b70e63a89

Comment 2 Aleksandr Proklov 2024-04-12 04:47:52 MSK

CVE-2023-52355 вобще затрагивает только документацию