Fedora 41 dnf5 vulnerabilities. Are they being worked on?

Hi,

Just wondering if the vulnerabilities published at NVD on dnf5 are being worked on.

https://nvd.nist.gov/vuln/search/results?form_type=Basic&results_type=overview&query=dnf5&search_type=all&isCpeNameSearch=false

1 Like

Added dnf5, f41, security

It is reported since 2024-03-05 12:17:46 UTC

Bug 2267893

1 Like

It appears that a possible fix was submitted. See the bug fix section of the report.

If that is correct I am not sure why the bug is still open.

1 Like

Thanks Barry for forwarding this to devel: Barry’s mail was answered, it seems the CVE was already resolved in February.
DNF5 CVE-2024-1929 is it fixed? - devel - Fedora mailing-lists

I assume someone just forgot to close the ticket. If anyone has time to spare, feel free to post in the bug ticket a reference to the devel mailing list and remind that this should be verified and if true, the ticket should be closed to avoid confusions. If product security wants to keep the ticket open for some other reason, it might be useful to at least add a comment that confirms it was fixed.

Forget this. Jan already posted. Let’s see what is to come. But I expect this issue is already solved.