--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-fae3ecee19
2022-07-04 01:26:49.799780
--------------------------------------------------------------------------------
Name : syncthing
Product : Fedora 36
Version : 1.20.2
Release : 2.fc36
URL :
https://syncthing.net
Summary : Continuous File Synchronization
Description :
Syncthing replaces other file synchronization services with something
open, trustworthy and decentralized. Your data is your data alone and
you deserve to choose where it is stored, if it is shared with some
third party and how it's transmitted over the Internet. Using syncthing,
that control is returned to you.
This package contains the syncthing client binary and systemd services.
--------------------------------------------------------------------------------
Update Information:
Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191,
CVE-2022-29526, CVE-2022-30629 Rebuild to mitigate CVE-2022-21698
(rhbz#2067400). ---- Update to 1.1.0 ---- Disable package_note on arm too
---- update to 0.44.1 rhbz#2007854 ---- Add missing archive ---- Update to
0.0.31 - Close: rhbz#1963535 ---- Rebuilt for CVE-2022-1996,
CVE-2022-24675, CVE-2022-28327,
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 18 2022 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> 1.20.2-2
- Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327,
CVE-2022-27191, CVE-2022-29526, CVE-2022-30629
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1963535 - golang-storj-drpc-0.0.31 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1963535
[ 2 ] Bug #2067400 - CVE-2022-21698 golang-github-prometheus-client:
prometheus/client_golang: Denial of service using InstrumentHandlerCounter [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2067400
[ 3 ] Bug #2074268 - CVE-2022-27191 vultr: golang: crash in a
golang.org/x/crypto/ssh
server [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2074268
[ 4 ] Bug #2084865 - CVE-2022-28327 golang-github-prometheus-node-exporter: golang:
crypto/elliptic: panic caused by oversized scalar [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2084865
[ 5 ] Bug #2088110 - CVE-2022-24675 golang-github-theupdateframework-notary: golang:
encoding/pem: fix stack overflow in Decode [fedora-35]
https://bugzilla.redhat.com/show_bug.cgi?id=2088110
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-fae3ecee19' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------