[Bug 2010107] New: Provide perl-Mail-RFC822-Address for EPEL-8
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2010107
Bug ID: 2010107
Summary: Provide perl-Mail-RFC822-Address for EPEL-8
Product: Fedora
Version: rawhide
Status: NEW
Component: perl-Mail-RFC822-Address
Assignee: andreas(a)bawue.net
Reporter: fedoraproject.org(a)bluhm-de.com
QA Contact: extras-qa(a)fedoraproject.org
CC: andreas(a)bawue.net, perl-devel(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
Please provide this package for EPEL8.
I am also happy to do this or even contribute/take ownership for EPEL. So do
feel free to add me as contributor.
FAS ID: sbluhm
Thank you and best wishes,
Stefan
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2010107
[Bug 2008957] New: CVE-2021-38562 rt: User enumeration through a timing side-channel attack
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2008957
Bug ID: 2008957
Summary: CVE-2021-38562 rt: User enumeration through a timing
side-channel attack
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: j(a)tib.bs, perl-devel(a)lists.fedoraproject.org,
rc040203(a)freenet.de
Target Milestone: ---
Classification: Other
Package: request-tracker5
Version: 5.0.1+dfsg-1
Severity: serious
Tags: security
Hi,
upstream has fixed the following issue in 5.0.2:
"In previous versions, RT's native login system is vulnerable to user
enumeration through a timing side-channel attack. This means an external
entity could try to find valid usernames by attempting logins and
comparing the time to evaluate each login attempt for valid and invalid
usernames. This vulnerability does not allow any access to the RT
system. This vulnerability is assigned CVE-2021-38562 and is fixed
in this release."
It would be nice if you could upgrade (or cherry-pick) that fix, please
also mention 'CVE-2021-38562' in the changelog when doing so.
Regards,
Daniel