Bug 2077054 - Rebuild usd with updated stb_image-{devel,static} for CVE-2022-28041
Summary: Rebuild usd with updated stb_image-{devel,static} for CVE-2022-28041
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: usd
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Ben Beasley
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: CVE-2022-28041
TreeView+ depends on / blocked
 
Reported: 2022-04-20 14:51 UTC by Ben Beasley
Modified: 2022-05-07 04:16 UTC (History)
3 users (show)

Fixed In Version: usd-21.08-19.fc34 usd-21.11-11.fc35 usd-22.03-8.fc36
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-04-29 06:56:21 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Ben Beasley 2022-04-20 14:51:21 UTC
Once “stb” updates and buildroot overrides are ready for bug 2077020, rebuild usd in all supported Fedora releases with the latest stb-image-devel in order to pick up the patch for CVE-2022-28041, and issue corresponding security updates.

Comment 1 Ben Beasley 2022-04-20 14:55:50 UTC
I’m going to wait for https://bodhi.fedoraproject.org/updates/FEDORA-2022-c87bba6546, currently in “testing→stable”, before creating the F36 update, and for https://bodhi.fedoraproject.org/updates/FEDORA-2022-ae41947c20, which hits stable tomorrow, before creating the F35 update. I don’t really want to “reset the clock” on those two updates.

Comment 2 Fedora Update System 2022-04-20 18:39:19 UTC
FEDORA-2022-832689aa6b has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2022-832689aa6b

Comment 3 Fedora Update System 2022-04-21 21:48:05 UTC
FEDORA-2022-832689aa6b has been pushed to the Fedora 34 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-832689aa6b`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-832689aa6b

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 4 Fedora Update System 2022-04-22 11:21:12 UTC
FEDORA-2022-61f6ee6353 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-61f6ee6353

Comment 5 Fedora Update System 2022-04-22 11:24:17 UTC
FEDORA-2022-c87bba6546 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-c87bba6546

Comment 6 Ben Beasley 2022-04-22 13:07:07 UTC
I decided to edit https://bodhi.fedoraproject.org/updates/FEDORA-2022-c87bba6546 for F36 with a new usd build after all. Now all releases have updates at some stage of pending/testing/stable for this.

Comment 7 Fedora Update System 2022-04-23 17:13:12 UTC
FEDORA-2022-c87bba6546 has been pushed to the Fedora 36 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-c87bba6546`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-c87bba6546

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 8 Fedora Update System 2022-04-23 19:06:41 UTC
FEDORA-2022-61f6ee6353 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-61f6ee6353`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-61f6ee6353

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 9 Fedora Update System 2022-04-29 06:56:21 UTC
FEDORA-2022-832689aa6b has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 10 Fedora Update System 2022-05-01 19:39:10 UTC
FEDORA-2022-61f6ee6353 has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 11 Fedora Update System 2022-05-07 04:16:33 UTC
FEDORA-2022-c87bba6546 has been pushed to the Fedora 36 stable repository.
If problem still persists, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.