kicad-developers team mailing list archive
Message #45593
Re: CVE-2022-23803, CVE-2022-23804, CVE-2022-23946, CVE-2022-23947
Distributions that would like to release a patched version of 5.1, 5.0 or
4.0 can cherry-pick the patch series. They should apply cleanly.
Seth
On Wed, Feb 16, 2022 at 9:16 AM Steven A. Falco <stevenfalco@xxxxxxxxx> wrote:
> One additional question - I know that 5.1.12 was the last planned release
> in the 5.x series, and that 5.1.12 has the vulnerability. Currently,
> because of Fedora policy, both F34 and F35 still ship 5.1.12.
>
> I'll ask on the Fedora list if this event qualifies as an exception to the
> policy, but if not, how involved would it be to patch 5.1.12, or perhaps to
> spin a 5.1.13 just to fix this issue?
>
> Steve
>
> On 2/16/22 11:49 AM, Steven A. Falco wrote:
> > Excellent! I'll note that on the Fedora bugs.
> >
> > Thanks,
> > Steve
> >
> > On 2/16/22 09:44 AM, Ian McInerney wrote:
> >> All 4 CVEs were fixed in the 6.0.2 release and the release announcement
> >> was updated last night to say this (to coincide with the public disclosure
> >> that happened today). There will be another email on the developer list
> >> later today with more details.
> >>
> >> -Ian
> >>
> >> On Wed, Feb 16, 2022 at 2:18 PM Steven A. Falco <stevenfalco@xxxxxxxxx> wrote:
> >>
> >> I've just received a large number of bugs against KiCad, supposedly
> >> due to CVE-2022-23803, CVE-2022-23804, CVE-2022-23946, CVE-2022-23947.
> >>
> >> I don't have time to look into them, but I wanted to make them
> >> known. There are apparently also bugs for this on the Gentoo site - here
> >> is one: https://bugs.gentoo.org/833426
> >>
> >> Here are the Fedora bugs:
> >>
> >> https://bugzilla.redhat.com/show_bug.cgi?id=2054956
> >> https://bugzilla.redhat.com/show_bug.cgi?id=2054957
> >> https://bugzilla.redhat.com/show_bug.cgi?id=2054959
> >> https://bugzilla.redhat.com/show_bug.cgi?id=2054960
> >> https://bugzilla.redhat.com/show_bug.cgi?id=2054955
> >> https://bugzilla.redhat.com/show_bug.cgi?id=2054973
> >> https://bugzilla.redhat.com/show_bug.cgi?id=2054974
> >> https://bugzilla.redhat.com/show_bug.cgi?id=2054979
> >> https://bugzilla.redhat.com/show_bug.cgi?id=2054980
> >> https://bugzilla.redhat.com/show_bug.cgi?id=2054958
> >> https://bugzilla.redhat.com/show_bug.cgi?id=2054972
> >> https://bugzilla.redhat.com/show_bug.cgi?id=2054978
> >>
> >> _______________________________________________
> >> Mailing list: https://launchpad.net/~kicad-developers
> >> Post to : kicad-developers@xxxxxxxxxxxxxxxxxxx
> >> Unsubscribe : https://launchpad.net/~kicad-developers
> >> More help : https://help.launchpad.net/ListHelp
> >>
> >
--
Seth Hillbrand
*Lead Developer*
+1-530-302-5483
Long Beach, CA
www.kipro-pcb.com info@xxxxxxxxxxxxx
References
- CVE-2022-23803, CVE-2022-23804, CVE-2022-23946, CVE-2022-23947
  From: Steven A. Falco, 2022-02-16
- Re: CVE-2022-23803, CVE-2022-23804, CVE-2022-23946, CVE-2022-23947
  From: Ian McInerney, 2022-02-16
- Re: CVE-2022-23803, CVE-2022-23804, CVE-2022-23946, CVE-2022-23947
  From: Steven A. Falco, 2022-02-16
- Re: CVE-2022-23803, CVE-2022-23804, CVE-2022-23946, CVE-2022-23947
  From: Steven A. Falco, 2022-02-16