--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-fae3ecee19
2022-07-04 01:26:49.799780
--------------------------------------------------------------------------------
Name : golang-github-mailru-easyjson
Product : Fedora 36
Version : 0.7.6
Release : 5.fc36
URL :
https://github.com/mailru/easyjson
Summary : Fast JSON serializer for Go
Description :
Package Easyjson provides a fast and easy way to marshal/unmarshal Go structs
to/from JSON without the use of reflection. In performance tests, easyjson
outperforms the standard encoding/json package by a factor of 4-5x, and other
JSON encoding packages by a factor of 2-3x.
Easyjson aims to keep generated Go code simple enough so that it can be easily
optimized or fixed. Another goal is to provide users with the ability to
customize the generated code by providing options not available with the
standard encoding/json package, such as generating "snake_case" names or
enabling omitempty behavior by default.
--------------------------------------------------------------------------------
Update Information:
Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191,
CVE-2022-29526, CVE-2022-30629 Rebuild to mitigate CVE-2022-21698
(rhbz#2067400). ---- Update to 1.1.0 ---- Disable package_note on arm too
---- update to 0.44.1 rhbz#2007854 ---- Add missing archive ---- Update to
0.0.31 - Close: rhbz#1963535 ---- Rebuilt for CVE-2022-1996,
CVE-2022-24675, CVE-2022-28327,
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 18 2022 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> - 0.7.6-5
- Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191,
CVE-2022-29526, CVE-2022-30629
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1963535 - golang-storj-drpc-0.0.31 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1963535
[ 2 ] Bug #2067400 - CVE-2022-21698 golang-github-prometheus-client:
prometheus/client_golang: Denial of service using InstrumentHandlerCounter [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2067400
[ 3 ] Bug #2074268 - CVE-2022-27191 vultr: golang: crash in a
golang.org/x/crypto/ssh
server [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2074268
[ 4 ] Bug #2084865 - CVE-2022-28327 golang-github-prometheus-node-exporter: golang:
crypto/elliptic: panic caused by oversized scalar [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2084865
[ 5 ] Bug #2088110 - CVE-2022-24675 golang-github-theupdateframework-notary: golang:
encoding/pem: fix stack overflow in Decode [fedora-35]
https://bugzilla.redhat.com/show_bug.cgi?id=2088110
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-fae3ecee19' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------