<html>

    <head>

      <base href="https://bugzilla.rosalinux.ru/">

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Platform</th>

          <td>2021.1

          </td>

        </tr>

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_CONFIRMED "

   title="CONFIRMED - [CVE 21] libksba 1.3.5 CVEs found"

   href="https://bugzilla.rosalinux.ru/show_bug.cgi?id=13263">13263</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>[CVE 21] libksba 1.3.5 CVEs found

          </td>

        </tr>

        <tr>

          <th>Classification</th>

          <td>ROSA-based products

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>ROSA Fresh

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>All

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>All

          </td>

        </tr>

        <tr>

          <th>URL</th>

          <td>CVE-2022-3515, CVE-2022-47629,

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>Linux

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>CONFIRMED

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>normal

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>Normal

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>System (kernel, glibc, systemd, bash, PAM...)

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>bugs&#64;lists.rosalinux.ru

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>y.tumanov&#64;rosalinux.ru

          </td>

        </tr>

        <tr>

          <th>QA Contact</th>

          <td>bugs&#64;lists.rosalinux.ru

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>s.matveev&#64;rosalinux.ru, y.tumanov&#64;rosalinux.ru

          </td>

        </tr>

        <tr>

          <th>Target Milestone</th>

          <td>---

          </td>

        </tr>

        <tr>

          <th>Flags</th>

          <td>secteam_verified?

          </td>

        </tr></table>

      <p>

        <div>

        <pre>Please patch CVEs for package libksba version 1.3.5  

INFO (CVEs are): libksba 1.3.5 cves found

CVE-2022-3515

Desc: A vulnerability was found in the Libksba library due to an integer

overflow within the CRL parser. The vulnerability can be exploited remotely for

code execution on the target system by passing specially crafted data to the

application, for example, a malicious S/MIME attachment.

Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-3515">https://nvd.nist.gov/vuln/detail/CVE-2022-3515</a>

Severity: CRITICAL

CVE-2022-47629

Desc: Libksba before 1.6.3 is prone to an integer overflow vulnerability in the

CRL signature parser.

Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-47629">https://nvd.nist.gov/vuln/detail/CVE-2022-47629</a>

Severity: CRITICAL</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are the QA Contact for the bug.</li>

          <li>You are the assignee for the bug.</li>

      </ul>

    </body>

</html>