Distributions that would like to release a patched version of 5.1,
5.0 or 4.0 can cherry-pick the patch series. They should apply cleanly.
Seth
On Wed, Feb 16, 2022 at 9:16 AM Steven A. Falco <stevenfalco@xxxxxxxxx> wrote:
One additional question - I know that 5.1.12 was the last planned
release in the 5.x series, and that 5.1.12 has the vulnerability.
Currently, because of Fedora policy, both F34 and F35 still ship 5.1.12.
I'll ask on the Fedora list if this event qualifies as an
exception to the policy, but if not, how involved would it be to
patch 5.1.12, or perhaps to spin a 5.1.13 just to fix this issue?
Steve
On 2/16/22 11:49 AM, Steven A. Falco wrote:
> Excellent! I'll note that on the Fedora bugs.
>
> Thanks,
> Steve
>
> On 2/16/22 09:44 AM, Ian McInerney wrote:
>> All 4 CVEs were fixed in the 6.0.2 release and the release
>> announcement was updated last night to say this (to coincide with the
>> public disclosure that happened today). There will be another email
>> on the developer list later today with more details.
>>
>> -Ian
>>
>> On Wed, Feb 16, 2022 at 2:18 PM Steven A. Falco <stevenfalco@xxxxxxxxx> wrote:
>>
>> I've just received a large number of bugs against KiCad,
>> supposedly due to CVE-2022-23803, CVE-2022-23804, CVE-2022-23946,
>> CVE-2022-23947.
>>
>> I don't have time to look into them, but I wanted to make
>> them known. There are apparently also bugs for this on the gentoo
>> site - here is one: https://bugs.gentoo.org/833426
>>
>> Here are the Fedora bugs:
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=2054956
>> https://bugzilla.redhat.com/show_bug.cgi?id=2054957
>> https://bugzilla.redhat.com/show_bug.cgi?id=2054959
>> https://bugzilla.redhat.com/show_bug.cgi?id=2054960
>> https://bugzilla.redhat.com/show_bug.cgi?id=2054955
>> https://bugzilla.redhat.com/show_bug.cgi?id=2054973
>> https://bugzilla.redhat.com/show_bug.cgi?id=2054974
>> https://bugzilla.redhat.com/show_bug.cgi?id=2054979
>> https://bugzilla.redhat.com/show_bug.cgi?id=2054980
>> https://bugzilla.redhat.com/show_bug.cgi?id=2054958
>> https://bugzilla.redhat.com/show_bug.cgi?id=2054972
>> https://bugzilla.redhat.com/show_bug.cgi?id=2054978
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~kicad-developers
>> Post to : kicad-developers@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~kicad-developers
>> More help : https://help.launchpad.net/ListHelp
>>
>
--
Seth Hillbrand
*Lead Developer*
+1-530-302-5483
Long Beach, CA
www.kipro-pcb.com info@xxxxxxxxxxxxx