Update to 9.5.0, backport fix for CVE-2023-44271.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2023-1a120657f9
This update has been submitted for testing by smani.
This update's test gating status has been changed to 'ignored'.
This update has been pushed to testing.
Works without issues till now
Unfortunately, the patch backported from upstream from version 10 to fix CVE-2023-44271 is not enough for version 9.5 we have in Fedora 38. The problem is that classes in the ImageFont module also have a getsize method, which is deprecated in version 9 and removed in version 10, which means that the fix in version 10 is not applied to these methods and they stay vulnerable in this update.
This update has been submitted for stable by bodhi.
This update has been pushed to stable.