May 2023 - Epel-packagers-sig - Fedora mailing-lists

[Bug 2140597] CVE-2022-37603 loader-utils:Regular expression denial of service
by bugzilla＠redhat.com 31 May '23

31 May '23

https://bugzilla.redhat.com/show_bug.cgi?id=2140597 --- Comment #34 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> --- This issue has been addressed in the following products: Migration Toolkit for Runtimes 1 on RHEL 8 Via RHSA-2023:3374 https://access.redhat.com/errata/RHSA-2023:3374 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2140597

1 0

[Bug 2171505] New: golang-github-alecthomas-chroma-2: FTBFS in Fedora rawhide/f38
by bugzilla＠redhat.com 31 May '23

31 May '23

https://bugzilla.redhat.com/show_bug.cgi?id=2171505 Bug ID: 2171505 Summary: golang-github-alecthomas-chroma-2: FTBFS in Fedora rawhide/f38 Product: Fedora Version: rawhide Status: NEW Component: golang-github-alecthomas-chroma-2 Assignee: redhat(a)flyn.org Reporter: releng(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, go-sig(a)lists.fedoraproject.org, redhat(a)flyn.org Blocks: 2117176 (F38FTBFS) Target Milestone: --- Classification: Fedora golang-github-alecthomas-chroma-2 failed to build from source in Fedora rawhide/f38 https://koji.fedoraproject.org/koji/taskinfo?taskID=96333832 For details on the mass rebuild see: https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Please fix golang-github-alecthomas-chroma-2 at your earliest convenience and set the bug's status to ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks, golang-github-alecthomas-chroma-2 will be orphaned. Before branching of Fedora 39, golang-github-alecthomas-chroma-2 will be retired, if it still fails to build. For more details on the FTBFS policy, please visit: https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails… Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2117176 [Bug 2117176] Fedora 38 FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2171505

1 1

[Bug 2207683] New: xsimd-11.1.0 is available
by bugzilla＠redhat.com 30 May '23

30 May '23

https://bugzilla.redhat.com/show_bug.cgi?id=2207683 Bug ID: 2207683 Summary: xsimd-11.1.0 is available Product: Fedora Version: rawhide Status: NEW Component: xsimd Keywords: FutureFeature, Triaged Assignee: mhroncok(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, kkeithle(a)redhat.com, mhroncok(a)redhat.com, serge.guelton(a)telecom-bretagne.eu Target Milestone: --- Classification: Fedora Releases retrieved: 11.1.0 Upstream release that is considered latest: 11.1.0 Current version/release in rawhide: 11.0.0-3.fc39 URL: https://github.com/xtensor-stack/xsimd Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/138109/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/xsimd -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2207683

1 3

[Bug 2196518] New: python-nbformat fails to build with Python 3.12: DeprecationWarning: The default datetime adapter is deprecated as of Python 3.12
by bugzilla＠redhat.com 29 May '23

29 May '23

https://bugzilla.redhat.com/show_bug.cgi?id=2196518 Bug ID: 2196518 Summary: python-nbformat fails to build with Python 3.12: DeprecationWarning: The default datetime adapter is deprecated as of Python 3.12 Product: Fedora Version: rawhide Status: NEW Component: python-nbformat Assignee: orion(a)nwra.com Reporter: thrnciar(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, jonathan(a)almalinux.org, mhroncok(a)redhat.com, orion(a)nwra.com, python-packagers-sig(a)lists.fedoraproject.org, thrnciar(a)redhat.com, tomspur(a)fedoraproject.org Blocks: 2135404 (PYTHON3.12) Target Milestone: --- Classification: Fedora python-nbformat fails to build with Python 3.12.0a7. =================================== FAILURES =================================== _______________________ TestNotary.test_check_signature ________________________ self = <tests.test_sign.TestNotary testMethod=test_check_signature> def test_check_signature(self): nb = self.nb md = nb.metadata notary = self.notary check_signature = notary.check_signature # no signature: md.pop("signature", None) self.assertFalse(check_signature(nb)) # hash only, no algo md.signature = notary.compute_signature(nb) self.assertFalse(check_signature(nb)) # proper signature, algo mismatch notary.algorithm = "sha224" > notary.sign(nb) tests/test_sign.py:133: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ nbformat/sign.py:462: in sign self.store.store_signature(signature, self.algorithm) nbformat/sign.py:205: in store_signature self.db.execute( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ val = datetime.datetime(2023, 5, 9, 11, 29, 45, 14214) def adapt_datetime(val): > warn(msg.format(what="datetime adapter"), DeprecationWarning, stacklevel=2) E DeprecationWarning: The default datetime adapter is deprecated as of Python 3.12; see the sqlite3 documentation for suggested replacement recipes /usr/lib64/python3.12/sqlite3/dbapi2.py:68: DeprecationWarning ___________________________ TestNotary.test_cull_db ____________________________ self = <tests.test_sign.TestNotary testMethod=test_cull_db> def test_cull_db(self): # this test has various sleeps of 2ms # to ensure low resolution timestamps compare as expected dt = 2e-3 nbs = [copy.deepcopy(self.nb) for i in range(10)] for row in self.notary.store.db.execute("SELECT * FROM nbsignatures"): print(row) self.notary.store.cache_size = 8 for i, nb in enumerate(nbs[:8]): nb.metadata.dirty = i > self.notary.sign(nb) tests/test_sign.py:100: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ nbformat/sign.py:462: in sign self.store.store_signature(signature, self.algorithm) nbformat/sign.py:205: in store_signature self.db.execute( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ val = datetime.datetime(2023, 5, 9, 11, 29, 45, 40720) def adapt_datetime(val): > warn(msg.format(what="datetime adapter"), DeprecationWarning, stacklevel=2) E DeprecationWarning: The default datetime adapter is deprecated as of Python 3.12; see the sqlite3 documentation for suggested replacement recipes /usr/lib64/python3.12/sqlite3/dbapi2.py:68: DeprecationWarning _______________________ TestNotary.test_invalid_db_file ________________________ self = <tests.test_sign.TestNotary testMethod=test_invalid_db_file> def test_invalid_db_file(self): invalid_sql_file = os.path.join(self.data_dir, "invalid_db_file.db") with open(invalid_sql_file, "w") as tempfile: tempfile.write("[invalid data]") invalid_notary = sign.NotebookNotary( db_file=invalid_sql_file, secret=b"secret", ) > invalid_notary.sign(self.nb) tests/test_sign.py:50: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ nbformat/sign.py:462: in sign self.store.store_signature(signature, self.algorithm) nbformat/sign.py:205: in store_signature self.db.execute( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ val = datetime.datetime(2023, 5, 9, 11, 29, 45, 57603) def adapt_datetime(val): > warn(msg.format(what="datetime adapter"), DeprecationWarning, stacklevel=2) E DeprecationWarning: The default datetime adapter is deprecated as of Python 3.12; see the sqlite3 documentation for suggested replacement recipes /usr/lib64/python3.12/sqlite3/dbapi2.py:68: DeprecationWarning ------------------------------ Captured log call ------------------------------- WARNING traitlets:sign.py:154 The signatures database cannot be opened; maybe it is corrupted or encrypted. You may need to rerun your notebooks to ensure that they are trusted to run Javascript. The old signatures database has been renamed to /tmp/tmp18ip2sda/invalid_db_file.db.bak and a new one has been created. _____________________________ TestNotary.test_sign _____________________________ self = <tests.test_sign.TestNotary testMethod=test_sign> def test_sign(self): self.assertFalse(self.notary.check_signature(self.nb)) > self.notary.sign(self.nb) tests/test_sign.py:79: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ nbformat/sign.py:462: in sign self.store.store_signature(signature, self.algorithm) nbformat/sign.py:205: in store_signature self.db.execute( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ val = datetime.datetime(2023, 5, 9, 11, 29, 45, 83773) def adapt_datetime(val): > warn(msg.format(what="datetime adapter"), DeprecationWarning, stacklevel=2) E DeprecationWarning: The default datetime adapter is deprecated as of Python 3.12; see the sqlite3 documentation for suggested replacement recipes /usr/lib64/python3.12/sqlite3/dbapi2.py:68: DeprecationWarning ____________________________ TestNotary.test_unsign ____________________________ self = <tests.test_sign.TestNotary testMethod=test_unsign> def test_unsign(self): > self.notary.sign(self.nb) tests/test_sign.py:83: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ nbformat/sign.py:462: in sign self.store.store_signature(signature, self.algorithm) nbformat/sign.py:205: in store_signature self.db.execute( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ val = datetime.datetime(2023, 5, 9, 11, 29, 45, 558943) def adapt_datetime(val): > warn(msg.format(what="datetime adapter"), DeprecationWarning, stacklevel=2) E DeprecationWarning: The default datetime adapter is deprecated as of Python 3.12; see the sqlite3 documentation for suggested replacement recipes /usr/lib64/python3.12/sqlite3/dbapi2.py:68: DeprecationWarning ____________________ SQLiteSignatureStoreTests.test_basics _____________________ self = <tests.test_sign.SQLiteSignatureStoreTests testMethod=test_basics> def test_basics(self): digest = "0123457689abcef" algo = "fake_sha" assert not self.store.check_signature(digest, algo) > self.store.store_signature(digest, algo) tests/test_sign.py:260: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ nbformat/sign.py:205: in store_signature self.db.execute( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ val = datetime.datetime(2023, 5, 9, 11, 29, 45, 574206) def adapt_datetime(val): > warn(msg.format(what="datetime adapter"), DeprecationWarning, stacklevel=2) E DeprecationWarning: The default datetime adapter is deprecated as of Python 3.12; see the sqlite3 documentation for suggested replacement recipes /usr/lib64/python3.12/sqlite3/dbapi2.py:68: DeprecationWarning =============================== warnings summary =============================== ../../../../usr/lib/python3.12/site-packages/jupyter_core/application.py:21 /usr/lib/python3.12/site-packages/jupyter_core/application.py:21: DeprecationWarning: Jupyter is migrating its paths to use standard platformdirs given by the platformdirs library. To remove this warning and see the appropriate new directories, set the environment variable `JUPYTER_PLATFORM_DIRS=1` and then run `jupyter --paths`. The use of platformdirs will be the default in `jupyter_core` v6 from .paths import ( -- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html ============================= slowest 10 durations ============================= 0.45s call tests/test_sign.py::TestNotary::test_sign_stdin 0.04s call tests/test_validator.py::test_future[fastjsonschema] 0.03s call tests/test_api.py::TestAPI::test_read 0.03s call tests/test_validator.py::test_nb2[jsonschema] 0.03s call tests/test_api.py::TestAPI::test_capture_validation_error 0.02s call tests/test_validator.py::test_nb4jupyter_metadata_timings[fastjsonschema] 0.02s call tests/test_validator.py::test_nb4custom[fastjsonschema] 0.02s call tests/test_validator.py::test_future[jsonschema] 0.02s call tests/test_validator.py::test_invalid_validator_raises_value_error_after_read 0.01s call tests/test_validator.py::test_nb3[jsonschema] =========================== short test summary info ============================ XPASS tests/test_validator.py::test_should_not_mutate[fastjsonschema] In the future we want to stop warning, and raise an error XPASS tests/test_validator.py::test_should_not_mutate[jsonschema] In the future we want to stop warning, and raise an error FAILED tests/test_sign.py::TestNotary::test_check_signature - DeprecationWarning: The default datetime adapter is deprecated as of Python... FAILED tests/test_sign.py::TestNotary::test_cull_db - DeprecationWarning: The default datetime adapter is deprecated as of Python... FAILED tests/test_sign.py::TestNotary::test_invalid_db_file - DeprecationWarning: The default datetime adapter is deprecated as of Python... FAILED tests/test_sign.py::TestNotary::test_sign - DeprecationWarning: The default datetime adapter is deprecated as of Python... FAILED tests/test_sign.py::TestNotary::test_unsign - DeprecationWarning: The default datetime adapter is deprecated as of Python... FAILED tests/test_sign.py::SQLiteSignatureStoreTests::test_basics - DeprecationWarning: The default datetime adapter is deprecated as of Python... ============= 6 failed, 180 passed, 2 xpassed, 1 warning in 1.37s ============== https://github.com/python/cpython/issues/90016 https://docs.python.org/3.12/whatsnew/3.12.html For the build logs, see: https://copr-be.cloud.fedoraproject.org/results/@python/python3.12/fedora-r… For all our attempts to build python-nbformat with Python 3.12, see: https://copr.fedorainfracloud.org/coprs/g/python/python3.12/package/python-… Testing and mass rebuild of packages is happening in copr. You can follow these instructions to test locally in mock if your package builds with Python 3.12: https://copr.fedorainfracloud.org/coprs/g/python/python3.12/ Let us know here if you have any questions. Python 3.12 is planned to be included in Fedora 39. To make that update smoother, we're building Fedora packages with all pre-releases of Python 3.12. A build failure prevents us from testing all dependent packages (transitive [Build]Requires), so if this package is required a lot, it's important for us to get it fixed soon. We'd appreciate help from the people who know this package best, but if you don't want to work on this now, let us know so we can try to work around it on our side. Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2135404 [Bug 2135404] Python 3.12 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2196518

1 1

[Bug 2208017] New: missing requires on shadow-utils for user creation in pre
by bugzilla＠redhat.com 27 May '23

27 May '23

https://bugzilla.redhat.com/show_bug.cgi?id=2208017 Bug ID: 2208017 Summary: missing requires on shadow-utils for user creation in pre Product: Fedora Version: rawhide OS: Linux Status: NEW Component: nss-pam-ldapd Severity: medium Assignee: thalman(a)redhat.com Reporter: davide(a)cavalca.name QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, jhrozek(a)redhat.com, lslebodn(a)redhat.com, thalman(a)redhat.com Target Milestone: --- Classification: Fedora This package creates a user/group in %pre but it's missing the corresponding Requires on shadow-utils, resulting in installation errors on minimal systems or chroots. Reproducible: Always -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2208017

1 4

[Bug 2192164] New: luarocks-3.9.1 installs to /usr/lib instead of /usr/lib64
by bugzilla＠redhat.com 27 May '23

27 May '23

https://bugzilla.redhat.com/show_bug.cgi?id=2192164 Bug ID: 2192164 Summary: luarocks-3.9.1 installs to /usr/lib instead of /usr/lib64 Product: Fedora Version: rawhide Status: NEW Component: luarocks Assignee: michel(a)michel-slm.name Reporter: ferdnyc(a)gmail.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, ktdreyer(a)ktdreyer.com, lua-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora Description of problem: I messed up. As I detail at the end of this Fedora Discussions thread[1], when I submitted the PR for the luarocks-3.9.1 update, I mistakenly dropped the Fedora patch that was correcting the default arch-specific library install dir to /usr/lib64 instead of /usr/lib. So, without that patch, luarocks installs to the wrong library directory. [1]: https://discussion.fedoraproject.org/t/luarocks-does-not-install-into-lib64… Version-Release number of selected component (if applicable): luarocks-3.9.1-1.fc39 (luarocks on f38 and f37 is also affected; possibly EPEL as well) How reproducible: 100% Steps to Reproduce: 1. `sudo luarocks --global install LuaFileSystem` 2. `ls /usr/lib64/lua/5.4/lfs.so` 3. `ls /usr/lib/lua/5.4/lfs.so` Actual results: 2: ls: cannot access '/usr/lib64/lua/5.4/lfs.so': No such file or directory 3: /usr/lib/lua/5.4/lfs.so Expected results: 2: /usr/lib64/lua/5.4/lfs.so 3: ls: cannot access '/usr/lib/lua/5.4/lfs.so': No such file or directory Additional info: I've already submitted a PR [2] to correct this on rawhide. I'll be happy to submit backport PRs for f38 and f37 as well, if need be. Any chance we could get new builds, to correct this unfortunate screw-up on my part? (I'll even add in an update to luarocks-3.9.2, since that's been released now, so we kill two birds with one bodhi update.) -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2192164

1 10

[Bug 2152006] New: luarocks-3.9.2 is available
by bugzilla＠redhat.com 27 May '23

27 May '23

https://bugzilla.redhat.com/show_bug.cgi?id=2152006 Bug ID: 2152006 Summary: luarocks-3.9.2 is available Product: Fedora Version: rawhide Status: NEW Component: luarocks Keywords: FutureFeature, Triaged Assignee: michel(a)michel-slm.name Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, ktdreyer(a)ktdreyer.com, lua-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora Releases retrieved: 3.9.2 Upstream release that is considered latest: 3.9.2 Current version/release in rawhide: 3.9.1-1.fc38 URL: https://luarocks.org/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/1856/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/luarocks -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2152006

1 11

[Bug 2207826] New: python-pystemd-0.13.1 is available
by bugzilla＠redhat.com 26 May '23

26 May '23

https://bugzilla.redhat.com/show_bug.cgi?id=2207826 Bug ID: 2207826 Summary: python-pystemd-0.13.1 is available Product: Fedora Version: rawhide Status: NEW Component: python-pystemd Keywords: FutureFeature, Triaged Assignee: ngompa13(a)gmail.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: davide(a)cavalca.name, epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name, ngompa13(a)gmail.com, python-packagers-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora Releases retrieved: 0.13.1 Upstream release that is considered latest: 0.13.1 Current version/release in rawhide: 0.13.0-1.fc39 URL: https://pypi.org/project/pystemd Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/53136/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/python-pystemd -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2207826

1 15

[Bug 2135231] New: CVE-2021-36369 dropbear: <net-misc/dropbear-2022.82: forwarded agent abuse [epel-all]
by bugzilla＠redhat.com 26 May '23

26 May '23

https://bugzilla.redhat.com/show_bug.cgi?id=2135231 Bug ID: 2135231 Summary: CVE-2021-36369 dropbear: <net-misc/dropbear-2022.82: forwarded agent abuse [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: dropbear Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: buytenh(a)wantstofly.org Reporter: mrehak(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: buytenh(a)wantstofly.org, cickumqt(a)gmail.com, daniellarasouza(a)yahoo.com.br, epel-packagers-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora EPEL. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2135231

1 11

[Bug 2135229] New: CVE-2021-36369 <net-misc/dropbear-2022.82: forwarded agent abuse
by bugzilla＠redhat.com 26 May '23

26 May '23

https://bugzilla.redhat.com/show_bug.cgi?id=2135229 Bug ID: 2135229 Summary: CVE-2021-36369 <net-misc/dropbear-2022.82: forwarded agent abuse Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: mrehak(a)redhat.com CC: buytenh(a)wantstofly.org, cickumqt(a)gmail.com, daniellarasouza(a)yahoo.com.br, epel-packagers-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Other Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed. Reference: https://github.com/mkj/dropbear/pull/128 https://github.com/mkj/dropbear/releases/tag/DROPBEAR_2022.82 https://github.com/mkj/dropbear/releases -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2135229

1 6

2024

2023

2022

2021

Epel-packagers-sig May 2023