Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Deepin Integration]~[V23-Beta3] fixes CVE-2022-0529, CVE-2022-0530 and CVE-2021-4217 by UTsweetyfish@deepin-community/unzip by deepin-community-ci-bot[bot] #11096

Open
deepin-bot bot opened this issue Dec 25, 2024 · 5 comments
Open

[Deepin Integration]~[V23-Beta3] fixes CVE-2022-0529, CVE-2022-0530 and CVE-2021-4217 by UTsweetyfish@deepin-community/unzip by deepin-community-ci-bot[bot] #11096

deepin-bot bot opened this issue Dec 25, 2024 · 5 comments
Assignees
@Zeno-sole
Labels
Project:integrated 集成管理相关 security
Milestone
V23-Beta3

Comments

@deepin-bot
Copy link

deepin-bot bot commented Dec 25, 2024

Package information | 软件包信息

包名 版本
unzip 6.0.1-deepin2

Package repository address | 软件包仓库地址

deb [trusted=yes] https://ci.deepin.com/repo/obs/deepin:/CI:/TestingIntegration:/test-integration-pr-2400/testing/ ./

Changelog | 更新信息

unzip (6.0.1-deepin2) unstable; urgency=medium

[ Marc Deslauriers ]

  • SECURITY UPDATE: Null pointer dereference in unzip (LP: #1957077)
@deepin-bot deepin-bot bot added the Project:integrated 集成管理相关 label Dec 25, 2024
@deepin-bot deepin-bot bot added this to the V23-Beta3 milestone Dec 25, 2024
@deepin-bot deepin-bot bot moved this to In progress in v23-集成管理 Dec 25, 2024
@deepin-bot
Copy link
Author

deepin-bot bot commented Dec 25, 2024
edited by UTsweetyfish
Loading

Integration Test Info

deepin-community/sig-deepin-security#28

Test suggestion | 测试建议

CVE-2021-4217

Influence | 影响范围

ADDITIONAL INFORMATION | 额外补充

@github-actions github-actions bot mentioned this issue Dec 25, 2024
Open
@deepin-bot
Copy link
Author

deepin-bot bot commented Dec 25, 2024

IntegrationProjector Notify the author
@UTsweetyfish: Integrated issue updated

@deepin-bot
Copy link
Author

deepin-bot bot commented Dec 25, 2024

IntegrationProjector Bot
Deepin Testing Integration Project Manager Info
Link to deepin-community/Repository-Integration#2400

@babyfengfjx babyfengfjx assigned kobe337 and unassigned babyfengfjx Dec 25, 2024
@babyfengfjx babyfengfjx moved this from In progress to 测试中 in v23-集成管理 Dec 25, 2024
@babyfengfjx babyfengfjx added the 吴波 吴波 label Dec 25, 2024
@babyfengfjx
Copy link

@kobe337 请优先处理~

@UTsweetyfish UTsweetyfish added security and removed 吴波 吴波 labels Dec 25, 2024
@kobe337
Copy link

kobe337 commented Dec 25, 2024

【环境】:
镜像:Deepin OS-25-20241107064136-1_x86_64
内核:Linux deepin-PC 6.12.1-amd64-desktop-rolling #23.01.01.13 SMP PREEMPT_DYNAMIC Tue Nov 26 15:29:22 CST 2024 x86_64 GNU/Linux

【结论】:
测试通过,暂无严重问题及影响, 覆盖以下内容:
1、安装校验、版本核对
2、基于deepin23 stable版本与内测最新版本验证
3、poc验证unzip的安全漏洞
4、升级后的相关应用包安装验证:patool、mc、printer-driver-foo2zjs、git-buildpackage、xarchiver、systemtap-client、systemtap-server、ruby-zip、java-wrappers、hunspell、engrampa、python3-stdeb、r-base-core、opam、audacious、ark、unzip-dbgsym
以上内容验证通过,请研发同事确认,是否合入仓库
Image

@kobe337 kobe337 assigned Zeno-sole and unassigned kobe337 Dec 25, 2024
@kobe337 kobe337 moved this from 测试中 to 测试通过 in v23-集成管理 Dec 25, 2024
@Zeno-sole Zeno-sole moved this from 测试通过 to 已集成 in v23-集成管理 Dec 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Zeno-sole Zeno-sole

Labels
Project:integrated 集成管理相关 security
Projects
v23-集成管理
Status: 已集成
Milestone
V23-Beta3
Development

No branches or pull requests
5 participants
@kobe337 @babyfengfjx @Zeno-sole @hudeng-go @UTsweetyfish