[Bug 2279666] CVE-2024-34069 google-roboto-mono-fonts: python-werkzeug: user may execute code on a developer's machine [fedora-40]

https://bugzilla.redhat.com/show_bug.cgi?id=2279666 Link Dupont <link(a)sub-pop.net&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |NOTABUG Status|NEW |CLOSED Last Closed| |2024-05-08 09:46:48 --- Comment #2 from Link Dupont <link(a)sub-pop.net&gt; --- google-roboto-mono-fonts does list python-workzeug in its upstream requirements.txt, however Fedora's package does not use Python to build the fonts locally. The pre-built upstream fonts are installed directly. Therefore, google-roboto-mono-fonts is not affected by this CVE. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2279666 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=rep...