[Pkg-utopia-maintainers] Bug#1013343: dbus-broker: CVE-2022-31212

Salvatore Bonaccorso carnil at debian.org
Wed Jun 22 19:53:50 BST 2022


Hi,

On Wed, Jun 22, 2022 at 07:26:57PM +0100, Luca Boccassi wrote:
> Control: fixed -1 31-1
> 
> On Wed, 22 Jun 2022 11:36:32 +0200 Moritz Mühlenhoff
> <jmm at inutil.org> wrote:
> > Source: dbus-broker
> > X-Debbugs-CC: team at security.debian.org
> > Severity: important
> > Tags: security
> > 
> > Hi,
> > 
> > The following vulnerability was published for dbus-broker.
> > 
> > This was assigned CVE-2022-31212:
> > https://bugzilla.redhat.com/show_bug.cgi?id=2094718
> > 
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> > 
> > For further information see:
> > 
> > [0] https://security-tracker.debian.org/tracker/CVE-2022-31212
> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31212
> > 
> > Please adjust the affected versions in the BTS as needed.
> 
> This appears to be already fixed in unstable and testing, at least
> according to this message on bugzilla that says v31 includes the fix:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=2094720#c2
> 
> Although it is unclear precisely which commit/patch fixed it?

From https://bugzilla.suse.com/show_bug.cgi?id=1200332#c1 I would say
this is the following change:

https://github.com/c-util/c-shquote/commit/7fd15f8e272136955f7ffc37df29fbca9ddceca1

and so it should be fixed since dbus-broker/30-1 uploaded to unstable.

Regards,
Salvatore


