Bug 14423

Summary:	[CVE 21] dbus 1.12.20 CVEs found
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Arsenii <a.konovalov>
Component:	Contributed Packages	Assignee:	ROSA Linux Bugs <bugs>
Status:	VERIFIED FIXED	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	normal
Priority:	Normal	CC:	a.proklov, e.malashin, s.matveev, v.potapov
Version:	All	Flags:	v.potapov: qa_verified+ a.konovalov: secteam_verified? a.proklov: published+
Target Milestone:	2021.1 Fresh R12
Hardware:	All
OS:	Linux
Whiteboard:
Platform:	2021.1	ROSA Vulnerability identifier:
RPM Package:		ISO-related:
Bad POT generating:		Upstream:

Description Arsenii 2024-04-16 16:29:58 MSK

https://nvd.nist.gov/vuln/detail/CVE-2022-42010 MEDIUM
https://nvd.nist.gov/vuln/detail/CVE-2022-42011 MEDIUM
https://nvd.nist.gov/vuln/detail/CVE-2022-42012 MEDIUM
https://nvd.nist.gov/vuln/detail/CVE-2023-34969 MEDIUM

Comment 1 Svyatoslav Matveev 2024-04-16 19:04:56 MSK

********** QA ADVISORY **********

Исправлено наложением патчей.

Ссылки на исправления:
CVE-2022-42010
https://gitlab.freedesktop.org/dbus/dbus/-/commit/9d07424e9011e3bbe535e83043d335f3093d2916

CVE-2022-42011
https://gitlab.freedesktop.org/dbus/dbus/-/commit/079bbf16186e87fb0157adf8951f19864bc2ed69

CVE-2022-42012
https://gitlab.freedesktop.org/dbus/dbus/-/commit/236f16e444e88a984cf12b09225e0f8efa6c5b44

CVE-2023-34969
https://gitlab.freedesktop.org/dbus/dbus/-/commit/b159849e031000d1dbc1ab876b5fc78a3ce9b534.patch

*** dbus
**  1.12.20 release +1

https://abf.io/build_lists/5022960 (x86_64)
https://abf.io/build_lists/5022961
https://abf.io/build_lists/5022962
https://abf.io/build_lists/5022963
https://abf.io/build_lists/5022964

Comment 2 e.malashin@rosalinux.ru 2024-04-18 18:46:22 MSK

The update sent to testings

Comment 3 Vladimir Potapov 2024-04-25 05:26:17 MSK

dbus-1.12.20-8
https://abf.io/build_lists/5022960 (x86_64)
https://abf.io/build_lists/5022961
https://abf.io/build_lists/5022962
https://abf.io/build_lists/5022963
https://abf.io/build_lists/5022964
********************** Advisory ***********************
Many CVEs closed by patches
*******************************************************
QA Verified