-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2021-a2a7673da2 2021-01-14 01:37:01.292865 --------------------------------------------------------------------------------
Name : golang-github-russellhaering-goxmldsig Product : Fedora 33 Version : 1.1.0 Release : 1.fc33 URL : https://github.com/russellhaering/goxmldsig Summary : Pure Go implementation of XML Digital Signatures Description :
Pure Go implementation of XML Digital Signatures.
-------------------------------------------------------------------------------- Update Information:
Update to 1.1.0 Security fix for CVE-2020-15216 -------------------------------------------------------------------------------- ChangeLog:
* Tue Jan 5 2021 Robert-Andr�� Mauchin zebob.m@gmail.com - 1.1.0-1 - Update to 1.1.0 - Security fix for CVE-2020-15216 - Fix: rhbz#1884119 - Fix: rhbz#1884118 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1884118 - CVE-2020-15216 goxmldsig: carefully crafted XML file could allow to bypass signature validation https://bugzilla.redhat.com/show_bug.cgi?id=1884118 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-a2a7673da2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------