November 2023 - Epel-packagers-sig - Fedora Mailing-Lists

[Bug 2097310] CVE-2022-2068 openssl: the c_rehash script allows command injection

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2097310 --- Comment #29 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> --- This issue has been addressed in the following products: Red Hat Satellite 6.14 for RHEL 8 Via RHSA-2023:6818 https://access.redhat.com/errata/RHSA-2023:6818 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2097310 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

7 months, 2 weeks

1
0
0 / 0

[Bug 2081494] New: CVE-2022-1292 openssl: c_rehash script allows command injection

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2081494 Bug ID: 2081494 Summary: CVE-2022-1292 openssl: c_rehash script allows command injection Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: pdelbell(a)redhat.com CC: aos-bugs(a)redhat.com, asoldano(a)redhat.com, bbaranow(a)redhat.com, bdettelb(a)redhat.com, berrange(a)redhat.com, bmaxwell(a)redhat.com, bootloader-eng-team(a)redhat.com, brian.stansberry(a)redhat.com, caswilli(a)redhat.com, cdewolf(a)redhat.com, cfergeau(a)redhat.com, chazlett(a)redhat.com, crobinso(a)redhat.com, crypto-team(a)lists.fedoraproject.org, csutherl(a)redhat.com, darran.lofthouse(a)redhat.com, dbelyavs(a)redhat.com, ddepaula(a)redhat.com, dhalasz(a)redhat.com, dkreling(a)redhat.com, dkuc(a)redhat.com, dosoudil(a)redhat.com, dueno(a)redhat.com, elima(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, erik-fedora(a)vanpienbroek.nl, f4bug(a)amsat.org, fjansen(a)redhat.com, fjuma(a)redhat.com, fmartine(a)redhat.com, gparvin(a)redhat.com, gzaronik(a)redhat.com, iweiss(a)redhat.com, jburrell(a)redhat.com, jclere(a)redhat.com, jferlan(a)redhat.com, jkoehler(a)redhat.com, jochrist(a)redhat.com, jramanat(a)redhat.com, jwong(a)redhat.com, jwon(a)redhat.com, kaycoth(a)redhat.com, krathod(a)redhat.com, kraxel(a)redhat.com, ktietz(a)redhat.com, lgao(a)redhat.com, marcandre.lureau(a)redhat.com, michal.skrivanek(a)redhat.com, michel(a)michel-slm.name, micjohns(a)redhat.com, mjg59(a)srcf.ucam.org, mosmerov(a)redhat.com, mperina(a)redhat.com, msochure(a)redhat.com, mspacek(a)redhat.com, msvehla(a)redhat.com, mturk(a)redhat.com, njean(a)redhat.com, nwallace(a)redhat.com, pahickey(a)redhat.com, pbonzini(a)redhat.com, pjindal(a)redhat.com, pjones(a)redhat.com, pmackay(a)redhat.com, redhat-bugzilla(a)linuxnetz.de, rfreiman(a)redhat.com, rharwood(a)redhat.com, rh-spice-bugs(a)redhat.com, rjones(a)redhat.com, rstancel(a)redhat.com, rsvoboda(a)redhat.com, sahana(a)redhat.com, sbonazzo(a)redhat.com, smaestri(a)redhat.com, stcannon(a)redhat.com, sthirugn(a)redhat.com, szappis(a)redhat.com, tmeszaro(a)redhat.com, tm(a)t8m.info, tom.jenkinson(a)redhat.com, virt-maint(a)lists.fedoraproject.org, virt-maint(a)redhat.com, vkrizan(a)redhat.com, vkumar(a)redhat.com, vmugicag(a)redhat.com Target Milestone: --- Classification: Other The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. OpenSSL 1.0.2 users should upgrade to 1.0.2ze OpenSSL 1.1.1 users should upgrade to 1.1.1o OpenSSL 3.0 users should upgrade to 3.0.3 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2081494

7 months, 2 weeks

1
53
0 / 0

[Bug 2195944] New: workspace switching with DesktopCube with shortcutkeys not working anymore

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2195944 Bug ID: 2195944 Summary: workspace switching with DesktopCube with shortcutkeys not working anymore Product: Fedora Version: 37 OS: Linux Status: NEW Component: cinnamon-desktop Keywords: Desktop Severity: medium Assignee: leigh123linux(a)googlemail.com Reporter: customercare(a)resellerdesktop.de QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, leigh123linux(a)googlemail.com, riehecky(a)fnal.gov Target Milestone: --- Classification: Fedora cinnamon-translations-5.6.1-1.fc37.noarch cinnamon-control-center-filesystem-5.6.1-1.fc37.x86_64 cinnamon-themes-2.0.8-1.fc37.noarch cinnamon-menus-5.6.0-1.fc37.x86_64 cinnamon-desktop-5.6.1-1.fc37.x86_64 cinnamon-session-5.6.0-1.fc37.x86_64 cinnamon-screensaver-5.6.3-1.fc37.x86_64 cinnamon-settings-daemon-5.6.2-1.fc37.x86_64 cinnamon-control-center-5.6.1-1.fc37.x86_64 cinnamon-calendar-server-5.6.8-2.fc37.x86_64 cinnamon-5.6.8-2.fc37.x86_64 imsettings-cinnamon-1.8.3-8.fc37.x86_64 after the upgrade from F36 to F37 the extension DesktopCube does no longer work, with results in no workspace switch at all if the correct keys are used. The journal has this to report: Mai 06 20:31:07 <hostname> cinnamon[2863]: JS ERROR: TypeError: binding is undefined _init@/home/<username>/.local/share/cinnamon/extensions/DesktopCube@yare/extension.js:31:42 Cube@/home/<username>/.local/share/cinnamon/extensions/DesktopCube@yare/extension.js:20:16 onSwitch@/home/<username>/.local/share/cinnamon/extensions/DesktopCube@yare/extension.js:651:5 Mai 06 20:31:08 <hostname> cinnamon[2863]: JS ERROR: TypeError: binding is undefined _init@/home/<username>/.local/share/cinnamon/extensions/DesktopCube@yare/extension.js:31:42 Cube@/home/<username>/.local/share/cinnamon/extensions/DesktopCube@yare/extension.js:20:16 onSwitch@/home/<username>/.local/share/cinnamon/extensions/DesktopCube@yare/extension.js:651:5 Mai 06 20:31:08 <hostname> cinnamon[2863]: JS ERROR: TypeError: binding is undefined _init@/home/<username>/.local/share/cinnamon/extensions/DesktopCube@yare/extension.js:31:42 Cube@/home/<username>/.local/share/cinnamon/extensions/DesktopCube@yare/extension.js:20:16 onSwitch@/home/<username>/.local/share/cinnamon/extensions/DesktopCube@yare/extension.js:651:5 Mai 06 20:31:08 <hostname> cinnamon[2863]: JS ERROR: TypeError: binding is undefined _init@/home/<username>/.local/share/cinnamon/extensions/DesktopCube@yare/extension.js:31:42 Cube@/home/<username>/.local/share/cinnamon/extensions/DesktopCube@yare/extension.js:20:16 onSwitch@/home/<username>/.local/share/cinnamon/extensions/DesktopCube@yare/extension.js:651:5 Mai 06 20:31:08 <hostname> cinnamon[2863]: JS ERROR: TypeError: binding is undefined _init@/home/<username>/.local/share/cinnamon/extensions/DesktopCube@yare/extension.js:31:42 Cube@/home/<username>/.local/share/cinnamon/extensions/DesktopCube@yare/extension.js:20:16 onSwitch@/home/<username>/.local/share/cinnamon/extensions/DesktopCube@yare/extension.js:651:5 Reproducible: Always -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2195944

7 months, 2 weeks

1
2
0 / 0

[Bug 2246697] New: golang-github-yuin-goldmark-1.6.0 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2246697 Bug ID: 2246697 Summary: golang-github-yuin-goldmark-1.6.0 is available Product: Fedora Version: rawhide Status: NEW Component: golang-github-yuin-goldmark Keywords: FutureFeature, Triaged Assignee: quantum.analyst(a)gmail.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, go-sig(a)lists.fedoraproject.org, quantum.analyst(a)gmail.com Target Milestone: --- Classification: Fedora Releases retrieved: 1.6.0 Upstream release that is considered latest: 1.6.0 Current version/release in rawhide: 1.5.6-1.fc40 URL: https://github.com/yuin/goldmark Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release... Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/59417/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/golang-github-yuin-goldmark -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2246697 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

7 months, 2 weeks

1
7
0 / 0

[Bug 2247123] New: python-pydata-sphinx-theme-0.14.3 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2247123 Bug ID: 2247123 Summary: python-pydata-sphinx-theme-0.14.3 is available Product: Fedora Version: rawhide Status: NEW Component: python-pydata-sphinx-theme Keywords: FutureFeature, Triaged Assignee: loganjerry(a)gmail.com Reporter: upstream-release-monitoring(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, jonathan(a)almalinux.org, loganjerry(a)gmail.com Target Milestone: --- Classification: Fedora Releases retrieved: 0.14.3 Upstream release that is considered latest: 0.14.3 Current version/release in rawhide: 0.14.2-1.fc40 URL: https://pypi.org/project/pydata-sphinx-theme/0.1.0 Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release... Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/87078/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/python-pydata-sphinx-theme -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2247123 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

7 months, 2 weeks

1
3
0 / 0

[Bug 2246066] New: python-pydata-sphinx-theme-0.14.2 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2246066 Bug ID: 2246066 Summary: python-pydata-sphinx-theme-0.14.2 is available Product: Fedora Version: rawhide Status: NEW Component: python-pydata-sphinx-theme Keywords: FutureFeature, Triaged Assignee: loganjerry(a)gmail.com Reporter: upstream-release-monitoring(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, jonathan(a)almalinux.org, loganjerry(a)gmail.com Target Milestone: --- Classification: Fedora Releases retrieved: 0.14.2 Upstream release that is considered latest: 0.14.2 Current version/release in rawhide: 0.14.1-1.fc40 URL: https://pypi.org/project/pydata-sphinx-theme/0.1.0 Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release... Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/87078/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/python-pydata-sphinx-theme -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2246066 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

7 months, 2 weeks

1
4
0 / 0

[Bug 2248578] New: python-pbr-6.0.0 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2248578 Bug ID: 2248578 Summary: python-pbr-6.0.0 is available Product: Fedora Version: rawhide Status: NEW Component: python-pbr Keywords: FutureFeature, Triaged Assignee: mrunge(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: apevec(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, mrunge(a)redhat.com, openstack-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora Releases retrieved: 6.0.0 Upstream release that is considered latest: 6.0.0 Current version/release in rawhide: 5.11.1-5.fc40~bootstrap URL: https://pypi.python.org/pypi/pbr Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release... Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/3960/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/python-pbr -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2248578 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

7 months, 3 weeks

1
2
0 / 0

[Bug 2222517] New: CVE-2022-25883 mozjs78: nodejs-semver: Regular expression denial of service [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2222517 Bug ID: 2222517 Summary: CVE-2022-25883 mozjs78: nodejs-semver: Regular expression denial of service [fedora-all] Product: Fedora Version: 38 Status: NEW Component: mozjs78 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: fzatlouk(a)redhat.com Reporter: trathi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, fzatlouk(a)redhat.com, klember(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2216475 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2222517 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

7 months, 3 weeks

1
3
0 / 0

[Bug 2246631] New: CVE-2023-46234 mozjs78: browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2246631 Bug ID: 2246631 Summary: CVE-2023-46234 mozjs78: browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack [fedora-all] Product: Fedora Version: 38 Status: NEW Component: mozjs78 Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: fzatlouk(a)redhat.com Reporter: pdelbell(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, fzatlouk(a)redhat.com, klember(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2246470 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2246631 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

7 months, 3 weeks

1
3
0 / 0

[Bug 2248437] New: python-precis_i18n-1.1.0 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2248437 Bug ID: 2248437 Summary: python-precis_i18n-1.1.0 is available Product: Fedora Version: rawhide Status: NEW Component: python-precis_i18n Keywords: FutureFeature, Triaged Assignee: mschmidt(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, mschmidt(a)redhat.com, redhat-bugzilla(a)linuxnetz.de, suraia(a)ikkoku.de Target Milestone: --- Classification: Fedora Releases retrieved: 1.1.0 Upstream release that is considered latest: 1.1.0 Current version/release in rawhide: 1.0.5-4.fc39 URL: https://github.com/byllyfish/precis_i18n Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release... Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/18512/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/python-precis_i18n -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2248437 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

7 months, 3 weeks

1
0
0 / 0

2024

2023

2022

2021

Epel-packagers-sig November 2023