Proposed as a Freeze Exception for 39-final by Fedora user thebeanogamer using the blocker tracking app because:

 This vulnerability allows an attacker to take execute arbitrary code on a user's device by downloading a file. tracker-miners have hardened their side, but we should deploy the real fix.

As this can be fixed by a package update, and we don't run Gnome in the installer, I've got for FE instead of Blocker. I'm happy to update this if incorrect.

See above, I've raised a BlockerBug for this.

https://src.fedoraproject.org/rpms/libcue/pull-request/2 should be ready to merge. As mentioned on there, I'd recommend applying this to every branch.

I've also created bug 2242946 to cover the tracker-miners side.

Please let me know if there's anything else I can do to help with this.

+5 in https://pagure.io/fedora-qa/blocker-review/issue/1395 , marking accepted FE. This may even be a blocker - we do have the GNOME-based Workstation live image, after all, and it *is* possible to use the live image as a working environment.

Gonna at least propose this as a blocker for now, so we remember to consider it before shipping anything.

*** Bug 2243014 has been marked as a duplicate of this bug. ***

FEDORA-2023-1fe05ac8d9 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2023-1fe05ac8d9

FEDORA-2023-eec9ce5935 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-eec9ce5935

FEDORA-2023-f4e74a94a2 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-f4e74a94a2

FEDORA-2023-f4e74a94a2 has been pushed to the Fedora 39 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-f4e74a94a2`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-f4e74a94a2

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-2023-1fe05ac8d9 has been pushed to the Fedora 37 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-1fe05ac8d9`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-1fe05ac8d9

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-2023-eec9ce5935 has been pushed to the Fedora 38 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-eec9ce5935`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-eec9ce5935

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

+9 blocker in https://pagure.io/fedora-qa/blocker-review/issue/1395 , marking accepted. This supersedes FE status, so clearing that.

FEDORA-2023-f4e74a94a2 has been pushed to the Fedora 39 stable repository.
If problem still persists, please make note of it in this bug report.

FEDORA-2023-eec9ce5935 has been pushed to the Fedora 38 stable repository.
If problem still persists, please make note of it in this bug report.

FEDORA-2023-1fe05ac8d9 has been pushed to the Fedora 37 stable repository.
If problem still persists, please make note of it in this bug report.