kicad-developers team mailing list archive

[Ian McInerney <ian.s.mcinerney@xxxxxxxx>]

All 4 CVEs were fixed in the 6.0.2 release and the release announcement was
updated last night to say this (to coincide with the public disclosure that
happened today). There will be another email on the developer list later
today with more details.

-Ian

On Wed, Feb 16, 2022 at 2:18 PM Steven A. Falco <stevenfalco@xxxxxxxxx>
wrote:

> I've just received a large number of bugs against KiCad, supposedly due to
> CVE-2022-23803, CVE-2022-23804, CVE-2022-23946, CVE-2022-23947.
>
> I don't have time to look into them, but I wanted to make them known.
> There are apparently also bugs for this on the gentoo site - here is one:
> https://bugs.gentoo.org/833426
>
> Here are the Fedora bugs:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=2054956
> https://bugzilla.redhat.com/show_bug.cgi?id=2054957
> https://bugzilla.redhat.com/show_bug.cgi?id=2054959
> https://bugzilla.redhat.com/show_bug.cgi?id=2054960
> https://bugzilla.redhat.com/show_bug.cgi?id=2054955
> https://bugzilla.redhat.com/show_bug.cgi?id=2054973
> https://bugzilla.redhat.com/show_bug.cgi?id=2054974
> https://bugzilla.redhat.com/show_bug.cgi?id=2054979
> https://bugzilla.redhat.com/show_bug.cgi?id=2054980
> https://bugzilla.redhat.com/show_bug.cgi?id=2054958
> https://bugzilla.redhat.com/show_bug.cgi?id=2054972
> https://bugzilla.redhat.com/show_bug.cgi?id=2054978
>
> _______________________________________________
> Mailing list: https://launchpad.net/~kicad-developers
> Post to     : kicad-developers@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~kicad-developers
> More help   : https://help.launchpad.net/ListHelp
>