Security fix for CVE-2022-3602 and CVE-2022-3786
sudo dnf upgrade --refresh --advisory=FEDORA-2022-502f096dce
This update has been submitted for testing by dbelyavs.
This update's test gating status has been changed to 'waiting'.
If the build fixes CVE-2022-3786, then BZ#2139151 and BZ#2139104 should also be linked to this update?
As soon as the test gating status changes to "passed", another +1 (even from someone who already gave +1) will be necessary to get it submitted for stable.
Works fine. CVEs not verified.
This update's test gating status has been changed to 'failed'.
note, gating is 'failed' because we are still waiting on a few tests. they are running and will complete within the next hour or so, I hope.
No regressions detected on x86_64. Tried to verify vulnerability with poc, but the poc I found showed that both old and new version was ok, so I guess it is unclear if the old version was properly exploitable on fedora x86_64.
Everything working on my end. (except the exploit, hopefully)
Will run a PoC tomorrow if I find one.
This update's test gating status has been changed to 'passed'.
This update has been submitted for stable by bodhi.
This update has been pushed to stable.
Hi @bittin, @nb, @jsbillings, how did you test for the CVEs
package works, cves not verified.
Please login to add feedback.
Confirm request to re-trigger tests.
Copyright © 2007-2022 Red Hat, Inc. and
bodhi-server 6.0.1 on
bodhi is Free Software.
if you have any problems. Read the documentation.