*** This bug is a security vulnerability ***

Public security bug reported:

There are two CVEs with a score of 9.8 CRITICAL published on 29-08-2023:

* https://nvd.nist.gov/vuln/detail/CVE-2023-40889
* https://nvd.nist.gov/vuln/detail/CVE-2023-40890

No new release seems to be available that fixes these vulnerabilities.
The latest package version seems to be zbar-tools (0.23.92-7).

Additional information:

~ $ lsb_release -rd
No LSB modules are available.
Description: Ubuntu 23.04
Release: 23.04

~ $ apt-cache policy zbar-tools
zbar-tools:
  Installed: 0.23.92-7
  Candidate: 0.23.92-7
  Version table:
 *** 0.23.92-7 500
        500 http://ch.archive.ubuntu.com/ubuntu lunar/universe amd64 Packages
        100 /var/lib/dpkg/status

# Expected
No CVE

# Actual
There are two known CVEs

** Affects: zbar (Ubuntu)
     Importance: Undecided
         Status: New

** Description changed:

There are two CVEs with a score of 9.8 CRITICAL published on 29-08-2023: * https://nvd.nist.gov/vuln/detail/CVE-2023-40889 * https://nvd.nist.gov/vuln/detail/CVE-2023-40890 - Now new release seems to be available that fixes these vulnerabilities. - The latest package version seems to be zbar-tools (0.23-1.3). - + No new release seems to be available that fixes these vulnerabilities. + The latest package version seems to be zbar-tools (0.23.92-7). Additional information: ~ $ lsb_release -rd No LSB modules are available. 
Description: Ubuntu 23.04 Release: 23.04 - ~ $ apt-cache policy zbar-tools + ~ $ apt-cache policy zbar-tools zbar-tools: - Installed: 0.23.92-7 - Candidate: 0.23.92-7 - Version table: - *** 0.23.92-7 500 - 500 http://ch.archive.ubuntu.com/ubuntu lunar/universe amd64 Packages - 100 /var/lib/dpkg/status + Installed: 0.23.92-7 + Candidate: 0.23.92-7 + Version table: + *** 0.23.92-7 500 + 500 http://ch.archive.ubuntu.com/ubuntu lunar/universe amd64 Packages + 100 /var/lib/dpkg/status # Expected No CVE # Actual There are two known CVEs

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-40890

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-40889

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zbar in Ubuntu.
https://bugs.launchpad.net/bugs/2039712

Title:
  Two critical CVEs in zbar

Status in zbar package in Ubuntu:
  New