https://bugzilla.redhat.com/show_bug.cgi?id=1484821
Bug ID: 1484821
Summary: CVE-2017-12976 git-annex: RCE via ssh URL with an
initial dash character in the hostname [fedora-all]
Product: Fedora
Version: 26
Component: git-annex
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: mathstuf(a)gmail.com
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: haskell-devel(a)lists.fedoraproject.org,
mathstuf(a)gmail.com, petersen(a)redhat.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1504370
Bug ID: 1504370
Summary: git-annex-6.20171018 is available
Product: Fedora
Version: rawhide
Component: git-annex
Keywords: FutureFeature, Triaged
Assignee: mathstuf(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: haskell-devel(a)lists.fedoraproject.org,
mathstuf(a)gmail.com, petersen(a)redhat.com
Latest upstream release: 6.20171018
Current version/release in rawhide: 6.20170925-1.fc28
URL: http://hackage.haskell.org/package/git-annex
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/1165/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1484822
Bug ID: 1484822
Summary: CVE-2017-12976 git-annex: RCE via ssh URL with an
initial dash character in the hostname [epel-all]
Product: Fedora EPEL
Version: epel7
Component: git-annex
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: mathstuf(a)gmail.com
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: haskell-devel(a)lists.fedoraproject.org,
mathstuf(a)gmail.com, petersen(a)redhat.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora EPEL. While
only one tracking bug has been filed, please correct all affected versions
at the same time. If you need to fix the versions independent of each
other, you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1176888
Bug ID: 1176888
Summary: git-annex-5.20141219 is available
Product: Fedora
Version: rawhide
Component: git-annex
Keywords: FutureFeature, Triaged
Assignee: mathstuf(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: haskell-devel(a)lists.fedoraproject.org,
mathstuf(a)gmail.com
Latest upstream release: 5.20141219
Current version/release in Fedora Rawhide: 5.20140717-3.fc22
URL: http://hackage.haskell.org/package/git-annex
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring Soon this service
will be implemented by a new system: https://release-monitoring.org/
It will require to manage monitored projects via a new web interface. Please
make yourself familiar with the new system to ease the transition.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=0zhaf8U4Z0&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1452947
Bug ID: 1452947
Summary: ghc-conduit-extra-1.1.16 is available
Product: Fedora
Version: rawhide
Component: ghc-conduit-extra
Keywords: FutureFeature, Triaged
Assignee: petersen(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: haskell-devel(a)lists.fedoraproject.org,
petersen(a)redhat.com
Latest upstream release: 1.1.16
Current version/release in rawhide: 1.1.15-1.fc26
URL: ghc-conduit-extra
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/6432/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1457253
Bug ID: 1457253
Summary: ghc-ansi-terminal-0.6.3 is available
Product: Fedora
Version: rawhide
Component: ghc-ansi-terminal
Keywords: FutureFeature, Triaged
Assignee: petersen(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: chitlesh(a)gmail.com,
haskell-devel(a)lists.fedoraproject.org,
petersen(a)redhat.com
Latest upstream release: 0.6.3
Current version/release in rawhide: 0.6.2.3-3.fc26
URL: https://hackage.haskell.org/package/ansi-terminal
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/1089/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1504338
Bug ID: 1504338
Summary: ghc-gtk-0.14.7 is available
Product: Fedora
Version: rawhide
Component: ghc-gtk
Keywords: FutureFeature, Triaged
Assignee: petersen(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: haskell-devel(a)lists.fedoraproject.org,
petersen(a)redhat.com
Latest upstream release: 0.14.7
Current version/release in rawhide: 0.14.6-4.fc28
URL: http://hackage.haskell.org/package/gtk
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/992/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1440561
Bug ID: 1440561
Summary: ghc-parallel-3.2.1.1 is available
Product: Fedora
Version: rawhide
Component: ghc-parallel
Keywords: FutureFeature, Triaged
Assignee: petersen(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: haskell-devel(a)lists.fedoraproject.org,
petersen(a)redhat.com
Latest upstream release: 3.2.1.1
Current version/release in rawhide: 3.2.1.0-3.fc26
URL: http://hackage.haskell.org/package/parallel
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/970/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1442546
Bug ID: 1442546
Summary: ghc-async-2.1.1.1 is available
Product: Fedora
Version: rawhide
Component: ghc-async
Keywords: FutureFeature, Triaged
Assignee: petersen(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: haskell-devel(a)lists.fedoraproject.org,
petersen(a)redhat.com
Latest upstream release: 2.1.1.1
Current version/release in rawhide: 2.1.1-1.fc26
URL: http://hackage.haskell.org/package/async
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/1049/
--
You are receiving this mail because:
You are on the CC list for the bug.