stable

CVE-2022-48468: unsigned integer overflow in protobuf-c in libsignal-protocol-c

FEDORA-2023-8b0938312e created by bowlofeggs 8 months ago for Fedora 36

Backport a fix for CVE-2022-48468 for protobuf-c, which is bundled in libsignal-protocol-c.

https://github.com/protobuf-c/protobuf-c/commit/ec3d900001a13ccdaa8aef996b34c61159c76217 https://github.com/protobuf-c/protobuf-c/issues/499 https://github.com/protobuf-c/protobuf-c/pull/513 https://github.com/protobuf-c/protobuf-c/releases/tag/v1.4.1

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2023-8b0938312e

This update has been submitted for testing by bowlofeggs.

8 months ago

This update's test gating status has been changed to 'ignored'.

8 months ago

This update has been pushed to testing.

8 months ago

This update has been submitted for stable by bodhi.

8 months ago

This update has been pushed to stable.

8 months ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Builds
1
libsignal-protocol-c-2.3.3-7.fc36
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
8 months ago
in testing
8 months ago
in stable
8 months ago
approved
8 months ago
BZ#2186674 CVE-2022-48468 libsignal-protocol-c: protobuf-c: an unsigned integer overflow in parse_required_member [epel-8]
0
0
BZ#2186675 CVE-2022-48468 libsignal-protocol-c: protobuf-c: an unsigned integer overflow in parse_required_member [fedora-36]
0
0
libsignal-protocol-c-2.3.3-7.fc36

Automated Test Results

Copyright © 2007-2023 Red Hat, Inc. and others.

Running bodhi-server 7.2.2^202312051737git3efe1cb on bodhi-web-120-9vzc6.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy