--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-fae3ecee19
2022-07-04 01:26:49.799780
--------------------------------------------------------------------------------
Name : golang-x-exp
Product : Fedora 36
Version : 0
Release : 0.43.20220330git053ad81.fc36
URL :
https://github.com/golang/exp
Summary : Experimental and deprecated Go packages
Description :
This subrepository holds experimental and deprecated packages.
The idea for this subrepository originated as the pkg/exp directory of the main
repository, but its presence there made it unavailable to users of the binary
downloads of the Go installation. The subrepository has therefore been created
to make it possible to go get these packages.
--------------------------------------------------------------------------------
Update Information:
Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191,
CVE-2022-29526, CVE-2022-30629 Rebuild to mitigate CVE-2022-21698
(rhbz#2067400). ---- Update to 1.1.0 ---- Disable package_note on arm too
---- update to 0.44.1 rhbz#2007854 ---- Add missing archive ---- Update to
0.0.31 - Close: rhbz#1963535 ---- Rebuilt for CVE-2022-1996,
CVE-2022-24675, CVE-2022-28327,
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 18 2022 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> 0-0.43
- Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327,
CVE-2022-27191, CVE-2022-29526, CVE-2022-30629
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1963535 - golang-storj-drpc-0.0.31 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1963535
[ 2 ] Bug #2067400 - CVE-2022-21698 golang-github-prometheus-client:
prometheus/client_golang: Denial of service using InstrumentHandlerCounter [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2067400
[ 3 ] Bug #2074268 - CVE-2022-27191 vultr: golang: crash in a
golang.org/x/crypto/ssh
server [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2074268
[ 4 ] Bug #2084865 - CVE-2022-28327 golang-github-prometheus-node-exporter: golang:
crypto/elliptic: panic caused by oversized scalar [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2084865
[ 5 ] Bug #2088110 - CVE-2022-24675 golang-github-theupdateframework-notary: golang:
encoding/pem: fix stack overflow in Decode [fedora-35]
https://bugzilla.redhat.com/show_bug.cgi?id=2088110
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-fae3ecee19' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------