https://bugzilla.redhat.com/show_bug.cgi?id=2140488
Bug ID: 2140488
Summary: python-mistune-3.0.0a3 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: python-mistune
Keywords: FutureFeature, Triaged
Assignee: lupinix.fedora(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
lupinix.fedora(a)gmail.com,
python-packagers-sig(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
Releases retrieved: 3.0.0rc2
Upstream release that is considered latest: 3.0.0a3
Current version/release in rawhide: 2.0.4-1.fc38
URL: https://github.com/lepture/mistune
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M…
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/6189/
To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/python-mistune
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2140488
https://bugzilla.redhat.com/show_bug.cgi?id=2246633
Bug ID: 2246633
Summary: CVE-2023-46234 yarnpkg: browserify-sign: upper bound
check issue in dsaVerify leads to a signature forgery
attack [fedora-all]
Product: Fedora
Version: 38
Status: NEW
Component: yarnpkg
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: zsvetlik(a)redhat.com
Reporter: pdelbell(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, ngompa13(a)gmail.com,
zsvetlik(a)redhat.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2246470
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2246633
Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…
https://bugzilla.redhat.com/show_bug.cgi?id=2220682
Bug ID: 2220682
Summary: CVE-2023-26136 yarnpkg: tough-cookie: prototype
pollution in cookie memstore [fedora-all]
Product: Fedora
Version: 38
Status: NEW
Component: yarnpkg
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: zsvetlik(a)redhat.com
Reporter: ahanwate(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, ngompa13(a)gmail.com,
zsvetlik(a)redhat.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2219310
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2220682
Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…
https://bugzilla.redhat.com/show_bug.cgi?id=2209317
Bug ID: 2209317
Summary: CVE-2022-37599 yarnpkg: loader-utils: regular
expression denial of service in interpolateName.js
[fedora-all]
Product: Fedora
Version: 38
Status: NEW
Component: yarnpkg
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: zsvetlik(a)redhat.com
Reporter: ahanwate(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, ngompa13(a)gmail.com,
zsvetlik(a)redhat.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2134872
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2209317
https://bugzilla.redhat.com/show_bug.cgi?id=2254037
Bug ID: 2254037
Summary: python-pandas uses Cython 0.29 to build, please update
to Cython 3
Product: Fedora
Version: rawhide
Status: NEW
Component: python-pandas
Assignee: jonathan(a)almalinux.org
Reporter: mhroncok(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
jonathan(a)almalinux.org, mail(a)kushaldas.in,
neuro-sig(a)lists.fedoraproject.org, orion(a)nwra.com,
python-packagers-sig(a)lists.fedoraproject.org,
sergio.pasra(a)gmail.com, tomspur(a)fedoraproject.org,
wfp5p(a)worldbroken.com
Blocks: 2254029 (DROP_CYTHON_0.29)
Target Milestone: ---
Classification: Fedora
Description of problem:
As the maintainer of the deprecated python-cython0.29 package, I'd like to get
rid of it. I'm opening this bugzilla to track the migration of python-pandas to
Cython 3.
Version-Release number of selected component:
python-pandas-0:1.5.3-7.fc39~bootstrap.src
Upstream issue: https://github.com/pandas-dev/pandas/issues/34213
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2254029
[Bug 2254029] Tracker: Get rid of Cython 0.29
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2254037
Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…
https://bugzilla.redhat.com/show_bug.cgi?id=2251792
Bug ID: 2251792
Summary: python-bcrypt-4.1.0 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: python-bcrypt
Keywords: FutureFeature, Triaged
Assignee: pingou(a)pingoured.fr
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org, mhayden(a)redhat.com,
pingou(a)pingoured.fr,
python-packagers-sig(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
Releases retrieved: 4.1.0
Upstream release that is considered latest: 4.1.0
Current version/release in rawhide: 4.0.1-6.fc40
URL: http://pypi.python.org/pypi/bcrypt
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M…
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/9047/
To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/python-bcrypt
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2251792
Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…