Bug 14420

Summary:	[CVE 21] expat CVEs found
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Arsenii <a.konovalov>
Component:	Contributed Packages	Assignee:	ROSA Linux Bugs <bugs>
Status:	VERIFIED FIXED	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	major
Priority:	Normal	CC:	a.proklov, pastordidi, v.potapov
Version:	All	Flags:	v.potapov: qa_verified+ a.konovalov: secteam_verified? a.proklov: published+
Target Milestone:	---
Hardware:	All
OS:	Linux
URL:	CVE-2023-52426,CVE-2023-52425,CVE-2024-28757
Whiteboard:
Platform:	2021.1	ROSA Vulnerability identifier:
RPM Package:		ISO-related:
Bad POT generating:		Upstream:

Description Arsenii 2024-04-15 18:02:08 MSK

https://nvd.nist.gov/vuln/detail/CVE-2023-52426 MEDIUM
https://nvd.nist.gov/vuln/detail/CVE-2023-52425 HIGH
https://nvd.nist.gov/vuln/detail/CVE-2024-28757 HIGH

Comment 1 Aleksandr Proklov 2024-04-16 05:17:34 MSK

уязвимости закрыты обновлением версии

expat	2.6.2-1

https://abf.io/build_lists/5022568
https://abf.io/build_lists/5022569 x64
https://abf.io/build_lists/5022570
https://abf.io/build_lists/5022571
https://abf.io/build_lists/5022572

Comment 2 Dmitry Postnikov 2024-05-07 10:39:04 MSK

*******************************
Обновление отослано в Тестинг

Comment 3 Vladimir Potapov 2024-05-14 15:26:09 MSK

expat-2.6.2-1
https://abf.io/build_lists/5022568
https://abf.io/build_lists/5022569 x64
https://abf.io/build_lists/5022570
https://abf.io/build_lists/5022571
https://abf.io/build_lists/5022572
************************ Advisory ************************
CVEs closed by version update
**********************************************************
QA Verified