May 2023 - Epel-packagers-sig - Fedora Mailing-Lists

[Bug 2107386] CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2107386 --- Comment #101 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> --- This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:2758 https://access.redhat.com/errata/RHSA-2023:2758 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2107386

1 year, 1 month

1
0
0 / 0

[Bug 2107371] CVE-2022-30630 golang: io/fs: stack exhaustion in Glob

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2107371 errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHSA-2023:2758 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2107371

1 year, 1 month

1
0
0 / 0

[Bug 2107371] CVE-2022-30630 golang: io/fs: stack exhaustion in Glob

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2107371 --- Comment #103 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> --- This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:2758 https://access.redhat.com/errata/RHSA-2023:2758 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2107371

1 year, 1 month

1
0
0 / 0

[Bug 2196197] New: CVE-2023-31047 python-django3: python-django: Potential bypass of validation when uploading multiple files using one form field [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2196197 Bug ID: 2196197 Summary: CVE-2023-31047 python-django3: python-django: Potential bypass of validation when uploading multiple files using one form field [fedora-all] Product: Fedora Version: 38 Status: NEW Component: python-django3 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: michel(a)michel-slm.name Reporter: ybuenos(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2192565 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2196197

1 year, 1 month

1
8
0 / 0

[Bug 2192902] New: python-django3-3.2.19 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2192902 Bug ID: 2192902 Summary: python-django3-3.2.19 is available Product: Fedora Version: rawhide Status: NEW Component: python-django3 Keywords: FutureFeature, Triaged Assignee: michel(a)michel-slm.name Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora Releases retrieved: 3.2.19 Upstream release that is considered latest: 3.2.19 Current version/release in rawhide: 3.2.18-1.fc39 URL: https://pypi.python.org/pypi/Django Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release... Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/336334/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/python-django3 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2192902

1 year, 1 month

1
10
0 / 0

[Bug 2185885] New: python-django3 cannot be used to substitute python-django

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2185885 Bug ID: 2185885 Summary: python-django3 cannot be used to substitute python-django Product: Fedora Version: rawhide Status: NEW Component: python-django3 Assignee: michel(a)michel-slm.name Reporter: lzaoral(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora Description of problem: python-django3 cannot be used to substitute python-django Version-Release number of selected component (if applicable): All available releases for Fedora and EPEL. How reproducible: always Steps to Reproduce: Run `dnf install python3-django3 python3-kobo-django` Actual results: Error: Problem: package python3-kobo-django-0.19.0-2.el8.noarch requires python3-django >= 1.6, but none of the providers can be installed - package python3-django3-3.2.18-1.el8.noarch conflicts with python3-django provided by python3-django-2.2.24-1.el8.noarch - conflicting requests (try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages) Expected results: Both packages install and coexist without any issues. Additional info: The spec is missing a respective `Provides:` declaration. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2185885

1 year, 1 month

1
12
0 / 0

[Bug 2185715] New: CVE-2023-1906 ImageMagick: heap-based buffer overflow in ImportMultiSpectralQuantum() in MagickCore/quantum-import.c [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2185715 Bug ID: 2185715 Summary: CVE-2023-1906 ImageMagick: heap-based buffer overflow in ImportMultiSpectralQuantum() in MagickCore/quantum-import.c [fedora-all] Product: Fedora Version: 37 Status: NEW Component: ImageMagick Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: luya_tfz(a)thefinalzone.net Reporter: trathi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: blaise(a)gmail.com, davide(a)cavalca.name, epel-packagers-sig(a)lists.fedoraproject.org, fedora(a)famillecollet.com, luya_tfz(a)thefinalzone.net, michel(a)michel-slm.name, ngompa13(a)gmail.com, pampelmuse(a)gmx.at, sergio(a)serjux.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2185714 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2185715

1 year, 1 month

1
4
0 / 0

[Bug 2196051] New: python-fsspec-2023.5.0 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2196051 Bug ID: 2196051 Summary: python-fsspec-2023.5.0 is available Product: Fedora Version: rawhide Status: NEW Component: python-fsspec Keywords: FutureFeature, Triaged Assignee: quantum.analyst(a)gmail.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, jonathan(a)almalinux.org, python-packagers-sig(a)lists.fedoraproject.org, quantum.analyst(a)gmail.com Target Milestone: --- Classification: Fedora Releases retrieved: 2023.5.0 Upstream release that is considered latest: 2023.5.0 Current version/release in rawhide: 2023.4.0-1.fc39 URL: https://github.com/intake/filesystem_spec Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release... Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/21932/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/python-fsspec -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2196051

1 year, 1 month

1
3
0 / 0

[Bug 2185716] New: CVE-2023-1906 ImageMagick: heap-based buffer overflow in ImportMultiSpectralQuantum() in MagickCore/quantum-import.c [epel-8]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2185716 Bug ID: 2185716 Summary: CVE-2023-1906 ImageMagick: heap-based buffer overflow in ImportMultiSpectralQuantum() in MagickCore/quantum-import.c [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Component: ImageMagick Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: luya_tfz(a)thefinalzone.net Reporter: trathi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: blaise(a)gmail.com, davide(a)cavalca.name, epel-packagers-sig(a)lists.fedoraproject.org, fedora(a)famillecollet.com, luya_tfz(a)thefinalzone.net, michel(a)michel-slm.name, ngompa13(a)gmail.com, pampelmuse(a)gmx.at, sergio(a)serjux.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2185714 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2185716

1 year, 1 month

1
4
0 / 0

[Bug 2196644] New: CVE-2023-30861 python-flask: flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2196644 Bug ID: 2196644 Summary: CVE-2023-30861 python-flask: flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header [fedora-all] Product: Fedora Version: 38 Status: NEW Component: python-flask Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: fzatlouk(a)redhat.com Reporter: mbenatto(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: danielmyoung(a)gmail.com, epel-packagers-sig(a)lists.fedoraproject.org, fzatlouk(a)redhat.com, hushan.jia(a)gmail.com, karlthered(a)gmail.com, patrick(a)puiterwijk.org, python-packagers-sig(a)lists.fedoraproject.org, tdawson(a)redhat.com, tflink(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2196643 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2196644

1 year, 1 month

1
4
0 / 0

2024

2023

2022

2021

Epel-packagers-sig May 2023