  1. Security Data
  2. SECDATA-345

Clarification on fixed version for libksba


    • Type: Bug
    • Resolution: Done

      Good afternoon,

       

      CVE-2022-47629 affects libksba, and https://access.redhat.com/errata/RHSA-2023:0625 says it's fixed in libksba-1.3.5-9.el8_7. However, libksba-1.3.5-9.el8_6 is also presumably fixed (based on rpm -q --changelog libksba, it looks like the fix went in at libksba-1.3.5-9). Can you clarify whether libksba-1.3.5-9.el8_6 is vulnerable? If so, why does rpm -q --changelog libksba indicate that the fix went in, and if not, why does the RHSA only mention el8_7 and not the earlier el8_6?

       

      Thank you!

            proguski@redhat.com Przemyslaw Roguski
            sherzberg Steven Herzberg (Inactive)