-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-e139f256f6 2022-08-10 01:15:25.226748 --------------------------------------------------------------------------------
Name : squirrel Product : Fedora 36 Version : 2.2.5 Release : 25.fc36 URL : http://squirrel-lang.org/ Summary : High level imperative/OO programming language Description : Squirrel is a high level imperative/OO programming language, designed to be a powerful scripting tool that fits in the size, memory bandwidth, and real-time requirements of applications like games.
-------------------------------------------------------------------------------- Update Information:
- backport fixes for CVE-2021-41556 and CVE-2022-30292 -------------------------------------------------------------------------------- ChangeLog:
* Mon Aug 1 2022 Dan Hor��k <dan[at]danny.cz> - 2.2.5-25 - backport fixes for CVE-2021-41556 and CVE-2022-30292 * Sat Jul 23 2022 Fedora Release Engineering releng@fedoraproject.org - 2.2.5-24 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2082176 - CVE-2022-30292 squirrel: thread_call in sqbaselib.cpp lacks a certain sq_reservestack call https://bugzilla.redhat.com/show_bug.cgi?id=2082176 [ 2 ] Bug #2112794 - CVE-2021-41556 squirrel: out-of-bounds read in core interpreter allows sandbox escape leads to code execution https://bugzilla.redhat.com/show_bug.cgi?id=2112794 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-e139f256f6' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org