[SECURITY] Fedora 36 Update: golang-vbom-util-0-0.12.20190520gitefcd4e0.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : golang-vbom-util
Product : Fedora 36
Version : 0
Release : 0.12.20190520gitefcd4e0.fc36
URL : https://github.com/fvbommel/util
Summary : Sort orders, comparison functions, and "heavy-weight string" utilities
Description :
Sort orders, comparison functions, and "heavy-weight string" utilities in Go.
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 0-0.12
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in
golang
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 9 months
[SECURITY] Fedora 36 Update: golang-starlark-0-0.8.20210113gite81fc95.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : golang-starlark
Product : Fedora 36
Version : 0
Release : 0.8.20210113gite81fc95.fc36
URL : https://github.com/google/starlark-go
Summary : Dialect of Python intended for use as a configuration language
Description :
Starlark is a dialect of Python intended for use as a configuration language.
Like Python, it is an untyped dynamic language with high-level data types,
first-class functions with lexical scope, and garbage collection. Unlike
CPython, independent Starlark threads execute in parallel, so Starlark
workloads scale well on parallel machines. Starlark is a small and simple
language with a familiar and highly readable syntax. You can use it as an
expressive notation for structured data, defining functions to eliminate
repetition, or you can use it to add scripting capabilities to an existing
application.
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 0-0.8
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in
golang
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 9 months
[SECURITY] Fedora 36 Update: golang-sigs-k8s-aws-iam-authenticator-0.5.2-8.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : golang-sigs-k8s-aws-iam-authenticator
Product : Fedora 36
Version : 0.5.2
Release : 8.fc36
URL : https://github.com/kubernetes-sigs/aws-iam-authenticator
Summary : Tool to use AWS IAM credentials to authenticate to a Kubernetes cluster
Description :
A tool to use AWS IAM credentials to authenticate to a Kubernetes cluster. The
initial work on this tool was driven by Heptio. The project receives
contributions from multiple community engineers and is currently maintained by
Heptio and Amazon EKS OSS Engineers.
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 0.5.2-8
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in
golang
* Thu Jun 23 2022 Maxwell G <gotmax(a)e.email> - 0.5.2-7
- Rebuild to mitigate CVE-2022-21698 (rhbz#2067400).
* Sat Jun 18 2022 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> - 0.5.2-6
- Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191,
CVE-2022-29526, CVE-2022-30629
* Sat Apr 16 2022 Fabio Alessandro Locati <me(a)fale.io> - 0.5.2-5
- Rebuilt for CVE-2022-27191
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 9 months
[SECURITY] Fedora 36 Update: golang-rsc-pdf-0.1.1-11.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : golang-rsc-pdf
Product : Fedora 36
Version : 0.1.1
Release : 11.fc36
URL : https://github.com/rsc/pdf
Summary : PDF reader library in Go
Description :
PDF reader library in Go.
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 0.1.1-11
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in
golang
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 9 months
[SECURITY] Fedora 36 Update: golang-mvdan-sh-3-3.4.3-5.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : golang-mvdan-sh-3
Product : Fedora 36
Version : 3.4.3
Release : 5.fc36
URL : https://github.com/mvdan/sh
Summary : A shell parser, formatter, and interpreter
Description :
A shell parser, formatter, and interpreter. Supports POSIX Shell, Bash, and
mksh.
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> 3.4.3-5
- Rebuild for
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
* Sat Jul 9 2022 Maxwell G <gotmax(a)e.email> 3.4.3-4
- Rebuild for CVE-2022-{24675,28327,29526 in golang}
* Sat Jul 9 2022 Maxwell G <gotmax(a)e.email> 3.4.3-3
- Rebuild for CVE-2022-{24675,28327,29526 in golang}
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 9 months
[SECURITY] Fedora 36 Update: golang-mvdan-xurls-2.2.0-7.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : golang-mvdan-xurls
Product : Fedora 36
Version : 2.2.0
Release : 7.fc36
URL : https://github.com/mvdan/xurls
Summary : Extract urls from text
Description :
Extract urls from text using regular expressions. Requires Go 1.10.3 or later.
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 2.2.0-7
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in
golang
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 9 months
[SECURITY] Fedora 36 Update: golang-mongodb-mongo-driver-1.4.5-7.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : golang-mongodb-mongo-driver
Product : Fedora 36
Version : 1.4.5
Release : 7.fc36
URL : https://github.com/mongodb/mongo-go-driver
Summary : Go driver for MongoDB
Description :
The Go driver for MongoDB.
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 1.4.5-7
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in
golang
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 9 months
[SECURITY] Fedora 36 Update: golang-k8s-sample-controller-1.22.0-5.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : golang-k8s-sample-controller
Product : Fedora 36
Version : 1.22.0
Release : 5.fc36
URL : https://github.com/kubernetes/sample-controller
Summary : Simple controller for watching Foo resources
Description :
This package implements a simple controller for watching Foo resources as
defined with a CustomResourceDefinition (CRD).
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> 1.22.0-5
- Rebuild for
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 9 months
[SECURITY] Fedora 36 Update: golang-github-chromedp-cdproto-0-0.9.20220719git285dfb4.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : golang-github-chromedp-cdproto
Product : Fedora 36
Version : 0
Release : 0.9.20220719git285dfb4.fc36
URL : https://github.com/chromedp/cdproto
Summary : Generated commands, types, and events for the Chrome DevTools Protocol domains
Description :
Package cdproto contains the generated commands, types, and events for the
Chrome DevTools Protocol domains.
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 19 2022 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> - 0-0.9
- Bump to commit 285dfb42699ca5b9073cfdc2a4e25967f09a8681
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 9 months
Fedora 36 Update: python-markupsafe-2.1.1-1.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-c2a2dfb4f7
2022-07-31 01:30:22.784673
--------------------------------------------------------------------------------
Name : python-markupsafe
Product : Fedora 36
Version : 2.1.1
Release : 1.fc36
URL : https://pypi.org/project/MarkupSafe/
Summary : Implements a XML/HTML/XHTML Markup safe string for Python
Description :
A library for safe markup escaping.
--------------------------------------------------------------------------------
Update Information:
Update to 2.1.1, but keep upstream removed deprecated soft_unicode function
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 8 2022 Miro Hron��ok <mhroncok(a)redhat.com> - 2.1.1-1
- Update to 2.1.1, but keep upstream removed deprecated soft_unicode function
- Fixes: rhbz#2105301
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2105301 - Backport markupsafe 2.1.1 from rawhide to f36/f35
https://bugzilla.redhat.com/show_bug.cgi?id=2105301
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-c2a2dfb4f7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 9 months