Bug 2065582
| Summary: | CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 expat: various flaws [CentOS Stream 8] | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Sandro Bonazzola <sbonazzo> |
| Component: | expat | Assignee: | Tomas Korbar <tkorbar> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | rhel-cs-infra-services-qe <rhel-cs-infra-services-qe> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | CentOS Stream | CC: | bstinson, fhrdina, jorton, jwboyer |
| Target Milestone: | rc | Keywords: | Security, SecurityTracking |
| Target Release: | --- | Flags: | pm-rhel:
mirror+
|
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | No Doc Update | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-03-30 09:05:22 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2056363, 2056366, 2056370, 2065579 | ||
|
Description
Sandro Bonazzola
2022-03-18 09:08:27 UTC
https://koji.mbox.centos.org/koji/packageinfo?packageID=26 shows as latest build expat-2.2.5-5.el8 which is still affected by tracked CVEs. What is the process for handling these CS8 bugs? I see a new build in CentOS Stream koji now at https://koji.mbox.centos.org/koji/buildinfo?buildID=21436 which includes the CVE fixes in this bz. It didn't land on http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os/Packages/?C=M;O=D yet For the process, redirecting question to bstinson expat-2.2.5-8.el8 landed on CentOS Stream 8 mirrors The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days |