January 2024 - Epel-packagers-sig - Fedora Mailing-Lists

[Bug 2248370] New: golang-x-mod: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2248370 Bug ID: 2248370 Summary: golang-x-mod: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [fedora-all] Product: Fedora Version: 38 Status: NEW Component: golang-x-mod Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: mark.e.fuller(a)gmx.de Reporter: zmiele(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, go-sig(a)lists.fedoraproject.org, mark.e.fuller(a)gmx.de Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2248209 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2248370 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

5 months, 1 week

1
10
0 / 0

[Bug 2248371] New: golang-x-net: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2248371 Bug ID: 2248371 Summary: golang-x-net: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [fedora-all] Product: Fedora Version: 38 Status: NEW Component: golang-x-net Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: mark.e.fuller(a)gmx.de Reporter: zmiele(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, go-sig(a)lists.fedoraproject.org, mark.e.fuller(a)gmx.de Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2248209 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2248371 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

5 months, 1 week

1
8
0 / 0

[Bug 2255095] New: CVE-2023-48795 golang-x-crypto: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2255095 Bug ID: 2255095 Summary: CVE-2023-48795 golang-x-crypto: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [fedora-all] Product: Fedora Version: 39 Status: NEW Component: golang-x-crypto Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mark.e.fuller(a)gmx.de Reporter: saroy(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, go-sig(a)lists.fedoraproject.org, mark.e.fuller(a)gmx.de Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2254210 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2255095 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

5 months, 1 week

1
10
0 / 0

[Bug 2257428] New: zbar-0.23.93 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2257428 Bug ID: 2257428 Summary: zbar-0.23.93 is available Product: Fedora Version: rawhide Status: NEW Component: zbar Keywords: FutureFeature, Triaged Assignee: gwync(a)protonmail.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: dougsland(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, gwync(a)protonmail.com, mchehab(a)infradead.org, negativo17(a)gmail.com Target Milestone: --- Classification: Fedora Releases retrieved: 0.23.93 Upstream release that is considered latest: 0.23.93 Current version/release in rawhide: 0.23.90-12.fc40 URL: https://github.com/mchehab/zbar Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release... Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/13689/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/zbar -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2257428 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

5 months, 1 week

1
8
0 / 0

[Bug 2257396] New: Affect by CVE-2023-40889

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2257396 Bug ID: 2257396 Summary: Affect by CVE-2023-40889 Product: Fedora Version: 38 OS: Linux Status: NEW Component: zbar Keywords: Security Severity: urgent Assignee: gwync(a)protonmail.com Reporter: bugzilla(a)terrortux.de QA Contact: extras-qa(a)fedoraproject.org CC: dougsland(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, gwync(a)protonmail.com, mchehab(a)infradead.org, negativo17(a)gmail.com Target Milestone: --- Classification: Fedora It looks like 0.23.90 needs an update, because it will be affected by the CVE. Reproducible: Always https://github.com/advisories/GHSA-mhp6-jvpx-2p4m -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2257396 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

5 months, 1 week

1
6
0 / 0

[Bug 2235863] New: CVE-2023-40889 zbar: buffer overflow via crafted qr code [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2235863 Bug ID: 2235863 Summary: CVE-2023-40889 zbar: buffer overflow via crafted qr code [fedora-all] Product: Fedora Version: 38 Status: NEW Component: zbar Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: gwync(a)protonmail.com Reporter: askrabec(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dougsland(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, gwync(a)protonmail.com, mchehab(a)infradead.org, negativo17(a)gmail.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2235861 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2235863 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

5 months, 1 week

1
8
0 / 0

[Bug 2235860] New: CVE-2023-40890 zbar: stack overflow caused malicious qr code may lead to information diusclosure or arbitrary code execution. [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2235860 Bug ID: 2235860 Summary: CVE-2023-40890 zbar: stack overflow caused malicious qr code may lead to information diusclosure or arbitrary code execution. [fedora-all] Product: Fedora Version: 38 Status: NEW Component: zbar Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: gwync(a)protonmail.com Reporter: askrabec(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dougsland(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, gwync(a)protonmail.com, mchehab(a)infradead.org, negativo17(a)gmail.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2235858 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2235860 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

5 months, 1 week

1
8
0 / 0

[Bug 2248226] New: golang-x-net: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2248226 Bug ID: 2248226 Summary: golang-x-net: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: golang-x-net Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: mark.e.fuller(a)gmx.de Reporter: zmiele(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, go-sig(a)lists.fedoraproject.org, mark.e.fuller(a)gmx.de Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2248209 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2248226 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

5 months, 1 week

1
5
0 / 0

[Bug 2229579] New: CVE-2023-3978 golang-x-net: golang.org/x/net/html: Cross site scripting [epel-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2229579 Bug ID: 2229579 Summary: CVE-2023-3978 golang-x-net: golang.org/x/net/html: Cross site scripting [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: golang-x-net Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mark.e.fuller(a)gmx.de Reporter: ahanwate(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, go-sig(a)lists.fedoraproject.org, mark.e.fuller(a)gmx.de Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2228689 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2229579 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

5 months, 1 week

1
5
0 / 0

[Bug 2178403] New: CVE-2022-41723 golang-x-net: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2178403 Bug ID: 2178403 Summary: CVE-2022-41723 golang-x-net: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: golang-x-net Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: zebob.m(a)gmail.com Reporter: ahanwate(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, go-sig(a)lists.fedoraproject.org, zebob.m(a)gmail.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2178358 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2178403

5 months, 1 week

1
7
0 / 0

2024

2023

2022

2021

Epel-packagers-sig January 2024