July 2022 - package-announce - Fedora Mailing-Lists

[SECURITY] Fedora 36 Update: golang-vbom-util-0-0.12.20190520gitefcd4e0.fc36

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-5038c3236c 2022-07-31 01:30:22.784813 -------------------------------------------------------------------------------- Name : golang-vbom-util Product : Fedora 36 Version : 0 Release : 0.12.20190520gitefcd4e0.fc36 URL : https://github.com/fvbommel/util Summary : Sort orders, comparison functions, and "heavy-weight string" utilities Description : Sort orders, comparison functions, and "heavy-weight string" utilities in Go. -------------------------------------------------------------------------------- Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- Update to latest commit as of 20220719 ---- Added Experimental: nebula clients can be configured to act as relays for other nebula clients. Primarily useful when stubborn NATs make a direct tunnel impossible. (#678) Configuration option to report manually specified ip:ports to lighthouses. (#650) Windows arm64 build. (#638) punchy and most lighthouse config options now support hot reloading. (#649) Changed Build against go 1.18. (#656) Promoted routines config from experimental to supported feature. (#702) Dependencies updated. (#664) Fixed Packets destined for the same host that sent it will be returned on MacOS. This matches the default behavior of other operating systems. (#501) unsafe_route configuration will no longer crash on Windows. (#648) A few panics that were introduced in 1.5.x. (#657, #658, #675) Security You can set listen.send_recv_error to control the conditions in which recv_error messages are sent. Sending these messages can expose the fact that Nebula is running on a host, but it speeds up re-handshaking. (#670) Removed x509 config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ---- fix package dir listing ---- resolve build issues and list new shell completion files ---- Release of stargz snapshotter v0.12.0. Please see the release note for details: https://github.com/containerd/stargz- snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 0-0.12 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 year, 9 months

1
0
0 / 0

[SECURITY] Fedora 36 Update: golang-starlark-0-0.8.20210113gite81fc95.fc36

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-5038c3236c 2022-07-31 01:30:22.784813 -------------------------------------------------------------------------------- Name : golang-starlark Product : Fedora 36 Version : 0 Release : 0.8.20210113gite81fc95.fc36 URL : https://github.com/google/starlark-go Summary : Dialect of Python intended for use as a configuration language Description : Starlark is a dialect of Python intended for use as a configuration language. Like Python, it is an untyped dynamic language with high-level data types, first-class functions with lexical scope, and garbage collection. Unlike CPython, independent Starlark threads execute in parallel, so Starlark workloads scale well on parallel machines. Starlark is a small and simple language with a familiar and highly readable syntax. You can use it as an expressive notation for structured data, defining functions to eliminate repetition, or you can use it to add scripting capabilities to an existing application. -------------------------------------------------------------------------------- Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- Update to latest commit as of 20220719 ---- Added Experimental: nebula clients can be configured to act as relays for other nebula clients. Primarily useful when stubborn NATs make a direct tunnel impossible. (#678) Configuration option to report manually specified ip:ports to lighthouses. (#650) Windows arm64 build. (#638) punchy and most lighthouse config options now support hot reloading. (#649) Changed Build against go 1.18. (#656) Promoted routines config from experimental to supported feature. (#702) Dependencies updated. (#664) Fixed Packets destined for the same host that sent it will be returned on MacOS. This matches the default behavior of other operating systems. (#501) unsafe_route configuration will no longer crash on Windows. (#648) A few panics that were introduced in 1.5.x. (#657, #658, #675) Security You can set listen.send_recv_error to control the conditions in which recv_error messages are sent. Sending these messages can expose the fact that Nebula is running on a host, but it speeds up re-handshaking. (#670) Removed x509 config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ---- fix package dir listing ---- resolve build issues and list new shell completion files ---- Release of stargz snapshotter v0.12.0. Please see the release note for details: https://github.com/containerd/stargz- snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 0-0.8 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 year, 9 months

1
0
0 / 0

[SECURITY] Fedora 36 Update: golang-sigs-k8s-aws-iam-authenticator-0.5.2-8.fc36

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-5038c3236c 2022-07-31 01:30:22.784813 -------------------------------------------------------------------------------- Name : golang-sigs-k8s-aws-iam-authenticator Product : Fedora 36 Version : 0.5.2 Release : 8.fc36 URL : https://github.com/kubernetes-sigs/aws-iam-authenticator Summary : Tool to use AWS IAM credentials to authenticate to a Kubernetes cluster Description : A tool to use AWS IAM credentials to authenticate to a Kubernetes cluster. The initial work on this tool was driven by Heptio. The project receives contributions from multiple community engineers and is currently maintained by Heptio and Amazon EKS OSS Engineers. -------------------------------------------------------------------------------- Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- Update to latest commit as of 20220719 ---- Added Experimental: nebula clients can be configured to act as relays for other nebula clients. Primarily useful when stubborn NATs make a direct tunnel impossible. (#678) Configuration option to report manually specified ip:ports to lighthouses. (#650) Windows arm64 build. (#638) punchy and most lighthouse config options now support hot reloading. (#649) Changed Build against go 1.18. (#656) Promoted routines config from experimental to supported feature. (#702) Dependencies updated. (#664) Fixed Packets destined for the same host that sent it will be returned on MacOS. This matches the default behavior of other operating systems. (#501) unsafe_route configuration will no longer crash on Windows. (#648) A few panics that were introduced in 1.5.x. (#657, #658, #675) Security You can set listen.send_recv_error to control the conditions in which recv_error messages are sent. Sending these messages can expose the fact that Nebula is running on a host, but it speeds up re-handshaking. (#670) Removed x509 config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ---- fix package dir listing ---- resolve build issues and list new shell completion files ---- Release of stargz snapshotter v0.12.0. Please see the release note for details: https://github.com/containerd/stargz- snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 0.5.2-8 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang * Thu Jun 23 2022 Maxwell G <gotmax(a)e.email> - 0.5.2-7 - Rebuild to mitigate CVE-2022-21698 (rhbz#2067400). * Sat Jun 18 2022 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> - 0.5.2-6 - Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191, CVE-2022-29526, CVE-2022-30629 * Sat Apr 16 2022 Fabio Alessandro Locati <me(a)fale.io> - 0.5.2-5 - Rebuilt for CVE-2022-27191 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 year, 9 months

1
0
0 / 0

[SECURITY] Fedora 36 Update: golang-rsc-pdf-0.1.1-11.fc36

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-5038c3236c 2022-07-31 01:30:22.784813 -------------------------------------------------------------------------------- Name : golang-rsc-pdf Product : Fedora 36 Version : 0.1.1 Release : 11.fc36 URL : https://github.com/rsc/pdf Summary : PDF reader library in Go Description : PDF reader library in Go. -------------------------------------------------------------------------------- Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- Update to latest commit as of 20220719 ---- Added Experimental: nebula clients can be configured to act as relays for other nebula clients. Primarily useful when stubborn NATs make a direct tunnel impossible. (#678) Configuration option to report manually specified ip:ports to lighthouses. (#650) Windows arm64 build. (#638) punchy and most lighthouse config options now support hot reloading. (#649) Changed Build against go 1.18. (#656) Promoted routines config from experimental to supported feature. (#702) Dependencies updated. (#664) Fixed Packets destined for the same host that sent it will be returned on MacOS. This matches the default behavior of other operating systems. (#501) unsafe_route configuration will no longer crash on Windows. (#648) A few panics that were introduced in 1.5.x. (#657, #658, #675) Security You can set listen.send_recv_error to control the conditions in which recv_error messages are sent. Sending these messages can expose the fact that Nebula is running on a host, but it speeds up re-handshaking. (#670) Removed x509 config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ---- fix package dir listing ---- resolve build issues and list new shell completion files ---- Release of stargz snapshotter v0.12.0. Please see the release note for details: https://github.com/containerd/stargz- snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 0.1.1-11 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 year, 9 months

1
0
0 / 0

[SECURITY] Fedora 36 Update: golang-mvdan-sh-3-3.4.3-5.fc36

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-5038c3236c 2022-07-31 01:30:22.784813 -------------------------------------------------------------------------------- Name : golang-mvdan-sh-3 Product : Fedora 36 Version : 3.4.3 Release : 5.fc36 URL : https://github.com/mvdan/sh Summary : A shell parser, formatter, and interpreter Description : A shell parser, formatter, and interpreter. Supports POSIX Shell, Bash, and mksh. -------------------------------------------------------------------------------- Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- Update to latest commit as of 20220719 ---- Added Experimental: nebula clients can be configured to act as relays for other nebula clients. Primarily useful when stubborn NATs make a direct tunnel impossible. (#678) Configuration option to report manually specified ip:ports to lighthouses. (#650) Windows arm64 build. (#638) punchy and most lighthouse config options now support hot reloading. (#649) Changed Build against go 1.18. (#656) Promoted routines config from experimental to supported feature. (#702) Dependencies updated. (#664) Fixed Packets destined for the same host that sent it will be returned on MacOS. This matches the default behavior of other operating systems. (#501) unsafe_route configuration will no longer crash on Windows. (#648) A few panics that were introduced in 1.5.x. (#657, #658, #675) Security You can set listen.send_recv_error to control the conditions in which recv_error messages are sent. Sending these messages can expose the fact that Nebula is running on a host, but it speeds up re-handshaking. (#670) Removed x509 config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ---- fix package dir listing ---- resolve build issues and list new shell completion files ---- Release of stargz snapshotter v0.12.0. Please see the release note for details: https://github.com/containerd/stargz- snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> 3.4.3-5 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang * Sat Jul 9 2022 Maxwell G <gotmax(a)e.email> 3.4.3-4 - Rebuild for CVE-2022-{24675,28327,29526 in golang} * Sat Jul 9 2022 Maxwell G <gotmax(a)e.email> 3.4.3-3 - Rebuild for CVE-2022-{24675,28327,29526 in golang} -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 year, 9 months

1
0
0 / 0

[SECURITY] Fedora 36 Update: golang-mvdan-xurls-2.2.0-7.fc36

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-5038c3236c 2022-07-31 01:30:22.784813 -------------------------------------------------------------------------------- Name : golang-mvdan-xurls Product : Fedora 36 Version : 2.2.0 Release : 7.fc36 URL : https://github.com/mvdan/xurls Summary : Extract urls from text Description : Extract urls from text using regular expressions. Requires Go 1.10.3 or later. -------------------------------------------------------------------------------- Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- Update to latest commit as of 20220719 ---- Added Experimental: nebula clients can be configured to act as relays for other nebula clients. Primarily useful when stubborn NATs make a direct tunnel impossible. (#678) Configuration option to report manually specified ip:ports to lighthouses. (#650) Windows arm64 build. (#638) punchy and most lighthouse config options now support hot reloading. (#649) Changed Build against go 1.18. (#656) Promoted routines config from experimental to supported feature. (#702) Dependencies updated. (#664) Fixed Packets destined for the same host that sent it will be returned on MacOS. This matches the default behavior of other operating systems. (#501) unsafe_route configuration will no longer crash on Windows. (#648) A few panics that were introduced in 1.5.x. (#657, #658, #675) Security You can set listen.send_recv_error to control the conditions in which recv_error messages are sent. Sending these messages can expose the fact that Nebula is running on a host, but it speeds up re-handshaking. (#670) Removed x509 config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ---- fix package dir listing ---- resolve build issues and list new shell completion files ---- Release of stargz snapshotter v0.12.0. Please see the release note for details: https://github.com/containerd/stargz- snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 2.2.0-7 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 year, 9 months

1
0
0 / 0

[SECURITY] Fedora 36 Update: golang-mongodb-mongo-driver-1.4.5-7.fc36

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-5038c3236c 2022-07-31 01:30:22.784813 -------------------------------------------------------------------------------- Name : golang-mongodb-mongo-driver Product : Fedora 36 Version : 1.4.5 Release : 7.fc36 URL : https://github.com/mongodb/mongo-go-driver Summary : Go driver for MongoDB Description : The Go driver for MongoDB. -------------------------------------------------------------------------------- Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- Update to latest commit as of 20220719 ---- Added Experimental: nebula clients can be configured to act as relays for other nebula clients. Primarily useful when stubborn NATs make a direct tunnel impossible. (#678) Configuration option to report manually specified ip:ports to lighthouses. (#650) Windows arm64 build. (#638) punchy and most lighthouse config options now support hot reloading. (#649) Changed Build against go 1.18. (#656) Promoted routines config from experimental to supported feature. (#702) Dependencies updated. (#664) Fixed Packets destined for the same host that sent it will be returned on MacOS. This matches the default behavior of other operating systems. (#501) unsafe_route configuration will no longer crash on Windows. (#648) A few panics that were introduced in 1.5.x. (#657, #658, #675) Security You can set listen.send_recv_error to control the conditions in which recv_error messages are sent. Sending these messages can expose the fact that Nebula is running on a host, but it speeds up re-handshaking. (#670) Removed x509 config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ---- fix package dir listing ---- resolve build issues and list new shell completion files ---- Release of stargz snapshotter v0.12.0. Please see the release note for details: https://github.com/containerd/stargz- snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 1.4.5-7 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 year, 9 months

1
0
0 / 0

[SECURITY] Fedora 36 Update: golang-k8s-sample-controller-1.22.0-5.fc36

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-5038c3236c 2022-07-31 01:30:22.784813 -------------------------------------------------------------------------------- Name : golang-k8s-sample-controller Product : Fedora 36 Version : 1.22.0 Release : 5.fc36 URL : https://github.com/kubernetes/sample-controller Summary : Simple controller for watching Foo resources Description : This package implements a simple controller for watching Foo resources as defined with a CustomResourceDefinition (CRD). -------------------------------------------------------------------------------- Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- Update to latest commit as of 20220719 ---- Added Experimental: nebula clients can be configured to act as relays for other nebula clients. Primarily useful when stubborn NATs make a direct tunnel impossible. (#678) Configuration option to report manually specified ip:ports to lighthouses. (#650) Windows arm64 build. (#638) punchy and most lighthouse config options now support hot reloading. (#649) Changed Build against go 1.18. (#656) Promoted routines config from experimental to supported feature. (#702) Dependencies updated. (#664) Fixed Packets destined for the same host that sent it will be returned on MacOS. This matches the default behavior of other operating systems. (#501) unsafe_route configuration will no longer crash on Windows. (#648) A few panics that were introduced in 1.5.x. (#657, #658, #675) Security You can set listen.send_recv_error to control the conditions in which recv_error messages are sent. Sending these messages can expose the fact that Nebula is running on a host, but it speeds up re-handshaking. (#670) Removed x509 config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ---- fix package dir listing ---- resolve build issues and list new shell completion files ---- Release of stargz snapshotter v0.12.0. Please see the release note for details: https://github.com/containerd/stargz- snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> 1.22.0-5 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 year, 9 months

1
0
0 / 0

[SECURITY] Fedora 36 Update: golang-github-chromedp-cdproto-0-0.9.20220719git285dfb4.fc36

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-5038c3236c 2022-07-31 01:30:22.784813 -------------------------------------------------------------------------------- Name : golang-github-chromedp-cdproto Product : Fedora 36 Version : 0 Release : 0.9.20220719git285dfb4.fc36 URL : https://github.com/chromedp/cdproto Summary : Generated commands, types, and events for the Chrome DevTools Protocol domains Description : Package cdproto contains the generated commands, types, and events for the Chrome DevTools Protocol domains. -------------------------------------------------------------------------------- Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- Update to latest commit as of 20220719 ---- Added Experimental: nebula clients can be configured to act as relays for other nebula clients. Primarily useful when stubborn NATs make a direct tunnel impossible. (#678) Configuration option to report manually specified ip:ports to lighthouses. (#650) Windows arm64 build. (#638) punchy and most lighthouse config options now support hot reloading. (#649) Changed Build against go 1.18. (#656) Promoted routines config from experimental to supported feature. (#702) Dependencies updated. (#664) Fixed Packets destined for the same host that sent it will be returned on MacOS. This matches the default behavior of other operating systems. (#501) unsafe_route configuration will no longer crash on Windows. (#648) A few panics that were introduced in 1.5.x. (#657, #658, #675) Security You can set listen.send_recv_error to control the conditions in which recv_error messages are sent. Sending these messages can expose the fact that Nebula is running on a host, but it speeds up re-handshaking. (#670) Removed x509 config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ---- fix package dir listing ---- resolve build issues and list new shell completion files ---- Release of stargz snapshotter v0.12.0. Please see the release note for details: https://github.com/containerd/stargz- snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 19 2022 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> - 0-0.9 - Bump to commit 285dfb42699ca5b9073cfdc2a4e25967f09a8681 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 year, 9 months

1
0
0 / 0

Fedora 36 Update: python-markupsafe-2.1.1-1.fc36

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-c2a2dfb4f7 2022-07-31 01:30:22.784673 -------------------------------------------------------------------------------- Name : python-markupsafe Product : Fedora 36 Version : 2.1.1 Release : 1.fc36 URL : https://pypi.org/project/MarkupSafe/ Summary : Implements a XML/HTML/XHTML Markup safe string for Python Description : A library for safe markup escaping. -------------------------------------------------------------------------------- Update Information: Update to 2.1.1, but keep upstream removed deprecated soft_unicode function -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 8 2022 Miro Hron��ok <mhroncok(a)redhat.com> - 2.1.1-1 - Update to 2.1.1, but keep upstream removed deprecated soft_unicode function - Fixes: rhbz#2105301 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2105301 - Backport markupsafe 2.1.1 from rawhide to f36/f35 https://bugzilla.redhat.com/show_bug.cgi?id=2105301 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-c2a2dfb4f7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 year, 9 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

package-announce July 2022