November 2023 - Epel-packagers-sig - Fedora mailing-lists

[Bug 2223821] New: TRIAGE-CVE-2023-2975 openssl3: openSSL: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries [epel-8]
by bugzilla＠redhat.com 01 May '24

01 May '24

https://bugzilla.redhat.com/show_bug.cgi?id=2223821 Bug ID: 2223821 Summary: TRIAGE-CVE-2023-2975 openssl3: openSSL: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: michel(a)michel-slm.name Reporter: saroy(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2223016 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2223821 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 6

[Bug 2211109] New: CVE-2023-2650 openssl3: openssl: Possible DoS translating ASN.1 object identifiers [epel-8]
by bugzilla＠redhat.com 01 May '24

01 May '24

https://bugzilla.redhat.com/show_bug.cgi?id=2211109 Bug ID: 2211109 Summary: CVE-2023-2650 openssl3: openssl: Possible DoS translating ASN.1 object identifiers [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: michel(a)michel-slm.name Reporter: saroy(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2207947 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2211109

1 6

[Bug 2188526] New: CVE-2023-1255 openssl3: openssl: Input buffer over-read in AES-XTS implementation on 64 bit ARM [epel-8]
by bugzilla＠redhat.com 01 May '24

01 May '24

https://bugzilla.redhat.com/show_bug.cgi?id=2188526 Bug ID: 2188526 Summary: CVE-2023-1255 openssl3: openssl: Input buffer over-read in AES-XTS implementation on 64 bit ARM [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: michel(a)michel-slm.name Reporter: saroy(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2188461 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2188526

1 6

[Bug 2182602] New: CVE-2023-0466 openssl3: openssl: Certificate policy check not enabled [epel-8]
by bugzilla＠redhat.com 01 May '24

01 May '24

https://bugzilla.redhat.com/show_bug.cgi?id=2182602 Bug ID: 2182602 Summary: CVE-2023-0466 openssl3: openssl: Certificate policy check not enabled [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: michel(a)michel-slm.name Reporter: trathi(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2182565 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2182602

1 6

[Bug 2182590] New: CVE-2023-0465 openssl3: openssl: Invalid certificate policies in leaf certificates are silently ignored [epel-8]
by bugzilla＠redhat.com 01 May '24

01 May '24

https://bugzilla.redhat.com/show_bug.cgi?id=2182590 Bug ID: 2182590 Summary: CVE-2023-0465 openssl3: openssl: Invalid certificate policies in leaf certificates are silently ignored [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: michel(a)michel-slm.name Reporter: trathi(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2182561 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2182590

1 6

[Bug 2239437] New: gnome-calendar-45.0 is available
by bugzilla＠redhat.com 21 Apr '24

21 Apr '24

https://bugzilla.redhat.com/show_bug.cgi?id=2239437 Bug ID: 2239437 Summary: gnome-calendar-45.0 is available Product: Fedora Version: rawhide Status: NEW Component: gnome-calendar Keywords: FutureFeature, Triaged Assignee: gnome-sig(a)lists.fedoraproject.org Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, gnome-sig(a)lists.fedoraproject.org, igor.raits(a)gmail.com, klember(a)redhat.com Target Milestone: --- Classification: Fedora Releases retrieved: 45.0 Upstream release that is considered latest: 45.0 Current version/release in rawhide: 45~rc-1.fc40 URL: https://wiki.gnome.org/Apps/Calendar Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/10906/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/gnome-calendar -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2239437 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 5

[Bug 2242181] New: CVE-2023-43665 python-django3: python-django: Denial-of-service possibility in django.utils.text.Truncator [fedora-all]
by bugzilla＠redhat.com 20 Apr '24

20 Apr '24

https://bugzilla.redhat.com/show_bug.cgi?id=2242181 Bug ID: 2242181 Summary: CVE-2023-43665 python-django3: python-django: Denial-of-service possibility in django.utils.text.Truncator [fedora-all] Product: Fedora Version: 38 Status: NEW Component: python-django3 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: michel(a)michel-slm.name Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2241046 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2242181 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 5

[Bug 2237871] New: CVE-2023-41164 python-django3: python-django: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()`` [fedora-all]
by bugzilla＠redhat.com 20 Apr '24

20 Apr '24

https://bugzilla.redhat.com/show_bug.cgi?id=2237871 Bug ID: 2237871 Summary: CVE-2023-41164 python-django3: python-django: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()`` [fedora-all] Product: Fedora Version: 38 Status: NEW Component: python-django3 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: michel(a)michel-slm.name Reporter: ybuenos(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2237258 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2237871 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 6

[Bug 2219382] New: TRIAGE-CVE-2023-36053 python-django3: python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator [fedora-all]
by bugzilla＠redhat.com 20 Apr '24

20 Apr '24

https://bugzilla.redhat.com/show_bug.cgi?id=2219382 Bug ID: 2219382 Summary: TRIAGE-CVE-2023-36053 python-django3: python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator [fedora-all] Product: Fedora Version: 38 Status: NEW Component: python-django3 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: michel(a)michel-slm.name Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2218004 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2219382 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 5

[Bug 2237869] New: CVE-2023-41164 python-django3: python-django: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()`` [epel-all]
by bugzilla＠redhat.com 20 Apr '24

20 Apr '24

https://bugzilla.redhat.com/show_bug.cgi?id=2237869 Bug ID: 2237869 Summary: CVE-2023-41164 python-django3: python-django: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()`` [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: python-django3 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: michel(a)michel-slm.name Reporter: ybuenos(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2237258 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2237869 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 6

2024

2023

2022

2021

Epel-packagers-sig November 2023