-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-e81c0db364 2022-08-10 01:27:41.684692 --------------------------------------------------------------------------------
Name : squirrel Product : Fedora 35 Version : 2.2.5 Release : 25.fc35 URL : http://squirrel-lang.org/ Summary : High level imperative/OO programming language Description : Squirrel is a high level imperative/OO programming language, designed to be a powerful scripting tool that fits in the size, memory bandwidth, and real-time requirements of applications like games.
-------------------------------------------------------------------------------- Update Information:
- backport fixes for CVE-2021-41556 and CVE-2022-30292 -------------------------------------------------------------------------------- ChangeLog:
* Mon Aug 1 2022 Dan Hor��k <dan[at]danny.cz> - 2.2.5-25 - backport fixes for CVE-2021-41556 and CVE-2022-30292 * Sat Jul 23 2022 Fedora Release Engineering releng@fedoraproject.org - 2.2.5-24 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Sat Jan 22 2022 Fedora Release Engineering releng@fedoraproject.org - 2.2.5-23 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2082176 - CVE-2022-30292 squirrel: thread_call in sqbaselib.cpp lacks a certain sq_reservestack call https://bugzilla.redhat.com/show_bug.cgi?id=2082176 [ 2 ] Bug #2112794 - CVE-2021-41556 squirrel: out-of-bounds read in core interpreter allows sandbox escape leads to code execution https://bugzilla.redhat.com/show_bug.cgi?id=2112794 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-e81c0db364' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------