[SECURITY] Fedora 40 Update: onnx-1.14.1-2.fc40

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-abe1e34fdb 2024-03-29 00:16:07.816413 -------------------------------------------------------------------------------- Name : onnx Product : Fedora 40 Version : 1.14.1 Release : 2.fc40 URL : https://github.com/onnx/onnx Summary : Open standard for machine learning interoperability Description : onnx provides an open source format for AI models, both deep learning and traditional ML. It defines an extensible computation graph model, as well as definitions of built-in operators and standard data types. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2024-27318 and CVE-2024-27319 -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 24 2024 Alejandro Alvarez Ayllon <a.alvarezayllon(a)gmail.com&gt; - 1.14.1-2 - Backport of fixes for CVE-2024-27318 and CVE-2024-27319 * Wed Feb 21 2024 Diego Herrera C <dherrera(a)redhat.com&gt;- 1.14.1-1 - Release 1.14.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2265737 - CVE-2024-27318 onnx: directory traversal https://bugzilla.redhat.com/show_bug.cgi?id=2265737 [ 2 ] Bug #2265739 - CVE-2024-27319 onnx: oob read https://bugzilla.redhat.com/show_bug.cgi?id=2265739 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-abe1e34fdb' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------