I found "Fix overflow vulnerability in Gerbview" and possibly "Fix relative return
with nullptr condition". Are there other patches in the series, or are those two the only
ones that are needed?
I tried grepping the log for CVE, but didn't find much...
Steve
On 2/16/22 01:17 PM, Seth Hillbrand wrote:
Distributions that would like to release a patched version of 5.1, 5.0 or 4.0
can cherry-pick the patch series. They should apply cleanly.
Seth
On Wed, Feb 16, 2022 at 9:16 AM Steven A. Falco <[email protected]> wrote:
One additional question - I know that 5.1.12 was the last planned release
in the 5.x series, and that 5.1.12 has the vulnerability. Currently, because
of Fedora policy, both F34 and F35 still ship 5.1.12.
I'll ask on the Fedora list if this event qualifies as an exception to the
policy, but if not, how involved would it be to patch 5.1.12, or perhaps to
spin a 5.1.13 just to fix this issue?
Steve
On 2/16/22 11:49 AM, Steven A. Falco wrote:
> Excellent! I'll note that on the Fedora bugs.
>
> Thanks,
> Steve
>
> On 2/16/22 09:44 AM, Ian McInerney wrote:
>> All 4 CVEs were fixed in the 6.0.2 release and the release announcement was updated last night to say this (to coincide with the public disclosure that happened today). There will be another email on the developer list later today with more details.
>>
>> -Ian
>>
>> On Wed, Feb 16, 2022 at 2:18 PM Steven A. Falco <[email protected]> wrote:
>>
>> I've just received a large number of bugs against KiCad, supposedly due to CVE-2022-23803, CVE-2022-23804, CVE-2022-23946, CVE-2022-23947.
>>
>> I don't have time to look into them, but I wanted to make them known. There are apparently also bugs for this on the gentoo site - here is one: https://bugs.gentoo.org/833426
>>
>> Here are the Fedora bugs:
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=2054956
>> https://bugzilla.redhat.com/show_bug.cgi?id=2054957
>> https://bugzilla.redhat.com/show_bug.cgi?id=2054959
>> https://bugzilla.redhat.com/show_bug.cgi?id=2054960
>> https://bugzilla.redhat.com/show_bug.cgi?id=2054955
>> https://bugzilla.redhat.com/show_bug.cgi?id=2054973
>> https://bugzilla.redhat.com/show_bug.cgi?id=2054974
>> https://bugzilla.redhat.com/show_bug.cgi?id=2054979
>> https://bugzilla.redhat.com/show_bug.cgi?id=2054980
>> https://bugzilla.redhat.com/show_bug.cgi?id=2054958
>> https://bugzilla.redhat.com/show_bug.cgi?id=2054972
>> https://bugzilla.redhat.com/show_bug.cgi?id=2054978
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~kicad-developers
>> Post to : [email protected]
>> Unsubscribe : https://launchpad.net/~kicad-developers
>> More help : https://help.launchpad.net/ListHelp
>>
>
--
Seth Hillbrand
*Lead Developer*
+1-530-302-5483
Long Beach, CA
www.kipro-pcb.com [email protected]