[Bug 1243892] New: Tracker for golang-github-mitchellh-mapstructure
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1243892
Bug ID: 1243892
Summary: Tracker for golang-github-mitchellh-mapstructure
Product: Fedora
Version: rawhide
Component: golang-github-mitchellh-mapstructure
Severity: low
Priority: low
Assignee: jchaloup(a)redhat.com
Reporter: jchaloup(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: golang(a)lists.fedoraproject.org, jchaloup(a)redhat.com,
lsm5(a)redhat.com, vbatts(a)redhat.com
Tracker for async updates of golang-github-mitchellh-mapstructure for rawhide
and other fedora distribution.
As golang devel packages are used only as a build-time dependency at the
moment, this tracker keeps updates and other information about this package,
e.g. broken dependencies, exceptions, important pieces of information and other
issues.
--
You are receiving this mail because:
You are on the CC list for the bug.
8 years, 3 months
[Bug 1250502] New: Tracker for golang-github-ryanuber-columnize
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1250502
Bug ID: 1250502
Summary: Tracker for golang-github-ryanuber-columnize
Product: Fedora
Version: rawhide
Component: golang-github-ryanuber-columnize
Assignee: fpokorny(a)redhat.com
Reporter: fpokorny(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fpokorny(a)redhat.com, golang(a)lists.fedoraproject.org,
jchaloup(a)redhat.com
Tracker for async updates of golang-github-ryanuber-columnize for rawhide and
other fedora distribution.
As golang devel packages are used only as a build-time dependency at the
moment, this tracker keeps updates and other information about this package,
e.g. broken dependencies, exceptions, important pieces of information and other
issues.
--
You are receiving this mail because:
You are on the CC list for the bug.
8 years, 3 months
Broken dependencies: golang-github-prometheus-prometheus
by Fedora Koji Build System
golang-github-prometheus-prometheus has broken dependencies in the rawhide tree:
On x86_64:
golang-github-prometheus-prometheus-devel-0.15.0-1.fc24.noarch requires golang(gopkg.in/fsnotify.v1)
On i386:
golang-github-prometheus-prometheus-devel-0.15.0-1.fc24.noarch requires golang(gopkg.in/fsnotify.v1)
On armhfp:
golang-github-prometheus-prometheus-devel-0.15.0-1.fc24.noarch requires golang(gopkg.in/fsnotify.v1)
Please resolve this as soon as possible.
8 years, 3 months
[Bug 1298791] New: Go isn't installed into recommended upstream
location
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1298791
Bug ID: 1298791
Summary: Go isn't installed into recommended upstream location
Product: Fedora
Version: 23
Component: golang
Assignee: vbatts(a)redhat.com
Reporter: martincigorraga(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: admiller(a)redhat.com, amurdaca(a)redhat.com,
golang(a)lists.fedoraproject.org, jcajka(a)redhat.com,
lemenkov(a)gmail.com, renich(a)woralelandia.com, s(a)shk.io,
vbatts(a)redhat.com
Hi,
Description of problem:
Go's download page states:
"The Go binary distributions assume they will be installed in /usr/local/go
[...]"
Currently the golang package installs Go into /usr/bin/.
Version-Release number of selected component (if applicable):
Name : golang
Arch : x86_64
Epoch : 0
Version : 1.5.2
Release : 2.fc23
Additional info:
Being Fedora a distribution that strives to be as close as possible to upstream
I'm curious about the reason on why Go is installed on a different location
from the one upstream expects to be installed.
Cheers.
--
You are receiving this mail because:
You are on the CC list for the bug.
8 years, 3 months
Fwd: [security] Go 1.5.3 is released
by Jakub Cajka
Golang-1.5.3 build have been submitted to bodhi and to build-root override.
https://bodhi.fedoraproject.org/updates/FEDORA-2016-2dcc094217
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5a073cbd93
Please test and provide karma, also please consider rebuilding your packages, if they use TLS/RSA, to pick up the fix.
Fedora tracking bug https://bugzilla.redhat.com/show_bug.cgi?id=1293451.
Upstream notice follows.
----- Forwarded Message -----
From: "Chris Broadfoot" <cbro(a)golang.org>
To: "golang-dev" <golang-dev(a)googlegroups.com>, golang-nuts(a)googlegroups.com, golang-announce(a)googlegroups.com, oss-security(a)openwall.com
Sent: Wednesday, January 13, 2016 10:04:42 PM
Subject: [security] Go 1.5.3 is released
[posting on behalf of Jason Buberel]
A security-related issue has been reported in Go's math/big package. The
issue was introduced in Go 1.5. We recommend that all users upgrade to Go
1.5.3, which fixes the issue. Go programs must be recompiled with Go 1.5.3
in order to receive the fix.
The Go team would like to thank Nick Craig-Wood for identifying the issue.
This issue can affect RSA computations in crypto/rsa, which is used by
crypto/tls. TLS servers on 32-bit systems could plausibly leak their RSA
private key due to this issue. Other protocol implementations that create
many RSA signatures could also be impacted in the same way.
Specifically, incorrect results in one part of the RSA Chinese Remainder
computation can cause the result to be incorrect in such a way that it
leaks one of the primes. While RSA blinding should prevent an attacker from
crafting specific inputs that trigger the bug, on 32-bit systems the bug
can be expected to occur at random around one in 2^26 times. Thus
collecting around 64 million signatures (of known data) from an affected
server should be enough to extract the private key used.
On 64-bit systems, the frequency of the bug is so low (less than one in
2^50) that it would be very difficult to exploit. Nonetheless, everyone is
strongly encouraged to upgrade.
Go 1.6 will include include a change to double-check the RSA computation,
which is a generic countermeasure to this class of bug.
The CVE issue descriptions and fixes are linked below. Downloads are
available at http://golang.org/dl for all supported platforms.
CVE-2015-8618
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8618
CLs fixing the issue:
https://go-review.googlesource.com/#/c/17672/
https://go-review.googlesource.com/#/c/18491/
--
You received this message because you are subscribed to the Google Groups "golang-announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-announce+unsubscribe(a)googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
8 years, 3 months
[Bug 1298128] New: openshift-origin: kubernetes: Building
configuration to a strategy not allowed by policy
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1298128
Bug ID: 1298128
Summary: openshift-origin: kubernetes: Building configuration
to a strategy not allowed by policy
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: abhgupta(a)redhat.com, dmcphers(a)redhat.com,
eparis(a)redhat.com, golang(a)lists.fedoraproject.org,
jcajka(a)redhat.com, jchaloup(a)redhat.com,
jialiu(a)redhat.com, jokerman(a)redhat.com,
kseifried(a)redhat.com, lmeyer(a)redhat.com,
mmccomas(a)redhat.com, nhorman(a)redhat.com,
tiwillia(a)redhat.com, vbatts(a)redhat.com
It was found that it is allowed to modify a build to use a restricted strategy
so that it escalates privileges when built.
Upstream Bug:
https://github.com/openshift/origin/issues/6556
Upstream patch:
https://github.com/openshift/origin/pull/6576
CVE request:
http://seclists.org/oss-sec/2016/q1/79
--
You are receiving this mail because:
You are on the CC list for the bug.
8 years, 3 months
[Bug 1298129] New: openshift-origin: kubernetes: Building
configuration to a strategy not allowed by policy [fedora-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1298129
Bug ID: 1298129
Summary: openshift-origin: kubernetes: Building configuration
to a strategy not allowed by policy [fedora-all]
Product: Fedora
Version: 23
Component: kubernetes
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: jchaloup(a)redhat.com
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: eparis(a)redhat.com, golang(a)lists.fedoraproject.org,
jcajka(a)redhat.com, jchaloup(a)redhat.com,
nhorman(a)redhat.com, vbatts(a)redhat.com
Blocks: 1298128
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1298128
[Bug 1298128] openshift-origin: kubernetes: Building configuration to a
strategy not allowed by policy
--
You are receiving this mail because:
You are on the CC list for the bug.
8 years, 3 months
Broken dependencies: golang-github-prometheus-prometheus
by Fedora Koji Build System
golang-github-prometheus-prometheus has broken dependencies in the rawhide tree:
On x86_64:
golang-github-prometheus-prometheus-devel-0.15.0-1.fc24.noarch requires golang(gopkg.in/fsnotify.v1)
On i386:
golang-github-prometheus-prometheus-devel-0.15.0-1.fc24.noarch requires golang(gopkg.in/fsnotify.v1)
On armhfp:
golang-github-prometheus-prometheus-devel-0.15.0-1.fc24.noarch requires golang(gopkg.in/fsnotify.v1)
Please resolve this as soon as possible.
8 years, 3 months