Hi, On Wed, Jun 22, 2022 at 07:26:57PM +0100, Luca Boccassi wrote: > Control: fixed -1 31-1 > > On Wed, 22 Jun 2022 11:36:32 +0200 =?UTF-8?Q?Moritz_M=C3=BChlenhoff?= > <j...@inutil.org> wrote: > > Source: dbus-broker > > X-Debbugs-CC: t...@security.debian.org > > Severity: important > > Tags: security > > > > Hi, > > > > The following vulnerability was published for dbus-broker. > > > > This was assigned CVE-2022-31212: > > https://bugzilla.redhat.com/show_bug.cgi?id=2094718 > > > > If you fix the vulnerability please also make sure to include the > > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > > > For further information see: > > > > [0] https://security-tracker.debian.org/tracker/CVE-2022-31212 > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31212 > > > > Please adjust the affected versions in the BTS as needed. > > This appears to be already fixed in unstable and testing, at least > according to this message on bugzilla that says v31 includes the fix: > > https://bugzilla.redhat.com/show_bug.cgi?id=2094720#c2 > > Although it is unclear precisely which commit/patch fixed it?
>From https://bugzilla.suse.com/show_bug.cgi?id=1200332#c1 I would say this is the following change: https://github.com/c-util/c-shquote/commit/7fd15f8e272136955f7ffc37df29fbca9ddceca1 and so it should be fixed since dbus-broker/30-1 uploaded to unstable. Regards, Salvatore