Bug 1209285 (CVE-2023-28371) - VUL-0: CVE-2023-28371: stellarium: Arbitrary file write
Summary: VUL-0: CVE-2023-28371: stellarium: Arbitrary file write
Status: RESOLVED FIXED
Alias: CVE-2023-28371
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/360119/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-03-15 08:12 UTC by Cathy Hu
Modified: 2024-05-06 08:26 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Cathy Hu 2023-03-15 08:12:59 UTC 
Affected:
- openSUSE:Backports:SLE-15-SP4/stellarium
- openSUSE:Factory/stellarium
Comment 2 Andreas Stieger 2023-03-27 10:48:48 UTC 
Fixed in Stellarium 23.1
https://stellarium.org/release/2023/03/26/stellarium-23.1.html
Comment 3 Peter Simons 2023-04-13 12:39:25 UTC 
openSUSE:Factory is at version 23.1 and is therefore no longer vulnerable to this issue.

openSUSE:Backports:SLE-15-SP4:Update received a submit request with the appropriate patches moments ago.
Comment 4 Peter Simons 2023-04-13 12:52:21 UTC 
https://build.opensuse.org/request/show/1079198
Comment 5 Marcus Meissner 2023-04-27 19:05:37 UTC 
openSUSE-SU-2023:0097-1: An update that fixes one vulnerability is now available.\n\nCategory: security (important)\nBug References: 1209285\nCVE References: CVE-2023-28371\nJIRA References: \nSources used:\nopenSUSE Backports SLE-15-SP4 (src):    stellarium-0.21.2-bp154.2.3.1\n\n
Comment 6 Robert Frohl 2024-05-06 08:26:45 UTC 
done, closing