[SECURITY] Fedora 36 Update: golang-github-mailru-easyjson-0.7.6-5.fc36

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-fae3ecee19 2022-07-04 01:26:49.799780 -------------------------------------------------------------------------------- Name : golang-github-mailru-easyjson Product : Fedora 36 Version : 0.7.6 Release : 5.fc36 URL : https://github.com/mailru/easyjson Summary : Fast JSON serializer for Go Description : Package Easyjson provides a fast and easy way to marshal/unmarshal Go structs to/from JSON without the use of reflection. In performance tests, easyjson outperforms the standard encoding/json package by a factor of 4-5x, and other JSON encoding packages by a factor of 2-3x. Easyjson aims to keep generated Go code simple enough so that it can be easily optimized or fixed. Another goal is to provide users with the ability to customize the generated code by providing options not available with the standard encoding/json package, such as generating "snake_case" names or enabling omitempty behavior by default. -------------------------------------------------------------------------------- Update Information: Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191, CVE-2022-29526, CVE-2022-30629 Rebuild to mitigate CVE-2022-21698 (rhbz#2067400). ---- Update to 1.1.0 ---- Disable package_note on arm too ---- update to 0.44.1 rhbz#2007854 ---- Add missing archive ---- Update to 0.0.31 - Close: rhbz#1963535 ---- Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 18 2022 Robert-Andr�� Mauchin <zebob.m(a)gmail.com&gt; - 0.7.6-5 - Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191, CVE-2022-29526, CVE-2022-30629 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1963535 - golang-storj-drpc-0.0.31 is available https://bugzilla.redhat.com/show_bug.cgi?id=1963535 [ 2 ] Bug #2067400 - CVE-2022-21698 golang-github-prometheus-client: prometheus/client_golang: Denial of service using InstrumentHandlerCounter [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2067400 [ 3 ] Bug #2074268 - CVE-2022-27191 vultr: golang: crash in a golang.org/x/crypto/ssh server [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2074268 [ 4 ] Bug #2084865 - CVE-2022-28327 golang-github-prometheus-node-exporter: golang: crypto/elliptic: panic caused by oversized scalar [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2084865 [ 5 ] Bug #2088110 - CVE-2022-24675 golang-github-theupdateframework-notary: golang: encoding/pem: fix stack overflow in Decode [fedora-35] https://bugzilla.redhat.com/show_bug.cgi?id=2088110 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-fae3ecee19' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------