Opened 2 years ago
Closed 2 years ago
#17162 closed enhancement (fixed)
libksba-1.6.2
Reported by: | Bruce Dubbs | Owned by: | Bruce Dubbs |
---|---|---|---|
Priority: | elevated | Milestone: | 11.3 |
Component: | BOOK | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description
New point version.
Change History (5)
comment:1 by , 2 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 2 years ago
comment:3 by , 2 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Fixed at commits
8aa560c873 Update to libgpg-error-1.46.
eaeb4f0f98 Update to libksba-1.6.2.
28ebeb0cea Update to btrfs-progs-v6.0.
comment:4 by , 2 years ago
Priority: | normal → elevated |
---|---|
Resolution: | fixed |
Status: | closed → reopened |
The release of gnupg-2.3.8 is noted as fixing CVE-2022-3515, but in fact that fix is only in the binary downloads. Linux distros and other 'nix systems use a separate libksba, which is where the fix is (presumably the integer overflow referred to above).
Upstream advisory is https://gnupg.org/blog/20221017-pepe-left-the-ksba.html and the CVE number is mentioned at https://www.mail-archive.com/gnupg-users@gnupg.org/msg40925.html
Reopening until I do the advisory, and will belatedly mark the change as a security fix.
Noteworthy changes in version 1.6.2 (2022-10-07)