
kicad-developers team mailing list archive

Re: CVE-2022-23803, CVE-2022-23804, CVE-2022-23946, CVE-2022-23947

 

Distributions that would like to release a patched version of 5.1, 5.0 or
4.0 can cherry-pick the patch series.  They should apply cleanly.

Seth

On Wed, Feb 16, 2022 at 9:16 AM Steven A. Falco <stevenfalco@xxxxxxxxx>
wrote:

> One additional question - I know that 5.1.12 was the last planned release
> in the 5.x series, and that 5.1.12 has the vulnerability.  Currently,
> because of Fedora policy, both F34 and F35 still ship 5.1.12.
>
> I'll ask on the Fedora list if this event qualifies as an exception to the
> policy, but if not, how involved would it be to patch 5.1.12, or perhaps to
> spin a 5.1.13 just to fix this issue?
>
>         Steve
>
> On 2/16/22 11:49 AM, Steven A. Falco wrote:
> > Excellent!  I'll note that on the Fedora bugs.
> >
> >      Thanks,
> >      Steve
> >
> > On 2/16/22 09:44 AM, Ian McInerney wrote:
> >> All 4 CVEs were fixed in the 6.0.2 release and the release announcement
> >> was updated last night to say this (to coincide with the public disclosure
> >> that happened today). There will be another email on the developer list
> >> later today with more details.
> >>
> >> -Ian
> >>
> >> On Wed, Feb 16, 2022 at 2:18 PM Steven A. Falco <stevenfalco@xxxxxxxxx> wrote:
> >>
> >>     I've just received a large number of bugs against KiCad, supposedly
> >>     due to CVE-2022-23803, CVE-2022-23804, CVE-2022-23946, CVE-2022-23947.
> >>
> >>     I don't have time to look into them, but I wanted to make them
> >>     known.  There are apparently also bugs for this on the gentoo site - here
> >>     is one: https://bugs.gentoo.org/833426
> >>
> >>     Here are the Fedora bugs:
> >>
> >>     https://bugzilla.redhat.com/show_bug.cgi?id=2054956
> >>     https://bugzilla.redhat.com/show_bug.cgi?id=2054957
> >>     https://bugzilla.redhat.com/show_bug.cgi?id=2054959
> >>     https://bugzilla.redhat.com/show_bug.cgi?id=2054960
> >>     https://bugzilla.redhat.com/show_bug.cgi?id=2054955
> >>     https://bugzilla.redhat.com/show_bug.cgi?id=2054973
> >>     https://bugzilla.redhat.com/show_bug.cgi?id=2054974
> >>     https://bugzilla.redhat.com/show_bug.cgi?id=2054979
> >>     https://bugzilla.redhat.com/show_bug.cgi?id=2054980
> >>     https://bugzilla.redhat.com/show_bug.cgi?id=2054958
> >>     https://bugzilla.redhat.com/show_bug.cgi?id=2054972
> >>     https://bugzilla.redhat.com/show_bug.cgi?id=2054978
> >>
> >>     _______________________________________________
> >>     Mailing list: https://launchpad.net/~kicad-developers
> >>     Post to     : kicad-developers@xxxxxxxxxxxxxxxxxxx
> >>     Unsubscribe : https://launchpad.net/~kicad-developers
> >>     More help   : https://help.launchpad.net/ListHelp
> >>
> >
>


-- 
Seth Hillbrand
*Lead Developer*
+1-530-302-5483
Long Beach, CA
www.kipro-pcb.com    info@xxxxxxxxxxxxx
