[Bug 2127351] New: CVE-2020-7677 yarnpkg: thenify: Arbitrary Code Execution in thenify [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2127351
Bug ID: 2127351
Summary: CVE-2020-7677 yarnpkg: thenify: Arbitrary Code
Execution in thenify [fedora-all]
Product: Fedora
Version: 36
Status: NEW
Component: yarnpkg
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: zsvetlik(a)redhat.com
Reporter: ahanwate(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
ngompa13(a)gmail.com, zsvetlik(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2127351
11 months
[Bug 2127008] New: CVE-2021-43138 yarnpkg: async: Prototype Pollution in async [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2127008
Bug ID: 2127008
Summary: CVE-2021-43138 yarnpkg: async: Prototype Pollution in
async [fedora-all]
Product: Fedora
Version: 36
Status: NEW
Component: yarnpkg
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: zsvetlik(a)redhat.com
Reporter: ahanwate(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
ngompa13(a)gmail.com, zsvetlik(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2127008
11 months
[Bug 2135231] New: CVE-2021-36369 dropbear: <net-misc/dropbear-2022.82: forwarded agent abuse [epel-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2135231
Bug ID: 2135231
Summary: CVE-2021-36369 dropbear: <net-misc/dropbear-2022.82:
forwarded agent abuse [epel-all]
Product: Fedora EPEL
Version: epel8
Status: NEW
Component: dropbear
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: buytenh(a)wantstofly.org
Reporter: mrehak(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: buytenh(a)wantstofly.org, cickumqt(a)gmail.com,
daniellarasouza(a)yahoo.com.br,
epel-packagers-sig(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora EPEL. While
only one tracking bug has been filed, please correct all affected versions
at the same time. If you need to fix the versions independent of each
other, you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2135231
11 months, 1 week
[Bug 2140613] New: CVE-2022-37603 yarnpkg: loader-utils:Regular expression denial of service [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2140613
Bug ID: 2140613
Summary: CVE-2022-37603 yarnpkg: loader-utils:Regular
expression denial of service [fedora-all]
Product: Fedora
Version: 36
Status: NEW
Component: yarnpkg
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: zsvetlik(a)redhat.com
Reporter: vinair(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
ngompa13(a)gmail.com, zsvetlik(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2140613
11 months, 1 week
[Bug 2032607] New: F36FailsToInstall: hyperkitty
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2032607
Bug ID: 2032607
Summary: F36FailsToInstall: hyperkitty
Product: Fedora
Version: rawhide
Status: NEW
Component: python-hyperkitty
Assignee: michel(a)michel-slm.name
Reporter: mhroncok(a)redhat.com
CC: epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
michel(a)michel-slm.name, ngompa13(a)gmail.com,
python-sig(a)lists.fedoraproject.org
Blocks: 1992487 (F36FailsToInstall,RAWHIDEFailsToInstall)
Target Milestone: ---
Classification: Fedora
Hello,
Please note that this comment was generated automatically. If you feel that
this output has mistakes, please contact me via email (mhroncok(a)redhat.com).
Your package (python-hyperkitty) Fails To Install in Fedora 36:
can't install hyperkitty:
- nothing provides python3.10dist(flufl-lock) >= 4 needed by
hyperkitty-1.3.5-1.fc36.noarch
- nothing provides python3.10dist(mistune) >= 2~rc1 needed by
hyperkitty-1.3.5-1.fc36.noarch
If you know about this problem and are planning on fixing it, please
acknowledge so by setting the bug status to ASSIGNED. If you don't have time to
maintain this package, consider orphaning it, so maintainers of dependent
packages realize the problem.
If you don't react accordingly to the policy for FTBFS/FTI bugs
(https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fai...),
your package may be orphaned in 8+ weeks.
P.S. The data was generated solely from koji buildroot, so it might be newer
than the latest compose or the content on mirrors.
P.P.S. If this bug has been reported in the middle of upgrading multiple
dependent packages, please consider using side tags:
https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/#updating-inter...
Thanks!
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1992487
[Bug 1992487] Fedora 36 Fails To install Tracker
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2032607
11 months, 1 week
[Bug 2063508] New: authentication recquired The password you use does not match
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2063508
Bug ID: 2063508
Summary: authentication recquired The password you use does not
match
Product: Fedora
Version: 36
OS: Linux
Status: NEW
Component: keyrings-filesystem
Severity: high
Assignee: manisandro(a)gmail.com
Reporter: jjb(a)xs4all.nl
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, sergio(a)serjux.com
Target Milestone: ---
Classification: Fedora
Description of problem:
Keyring is locked. (in Passwords and Keys, Seahorse)
try to solve error message "authentication required, the password you use to
log in to your computer no longer match that of your login keyring"
The known password is not accepted.
Version-Release number of selected component (if applicable):
How reproducible:
try to Get Geary (email program) at work.
At login to the computer the password is working all right.
Steps to Reproduce:
1.
2.
3.
Actual results:
cannot authenticate password.
Expected results:
no question of authentication
Additional info:
do not know how to solve this problem.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2063508
11 months, 1 week
[Bug 2090622] New: [abrt] xmlstarlet: xmlXPathCompUnaryExpr(): xmlstarlet killed by SIGSEGV
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2090622
Bug ID: 2090622
Summary: [abrt] xmlstarlet: xmlXPathCompUnaryExpr(): xmlstarlet
killed by SIGSEGV
Product: Fedora
Version: 36
Hardware: x86_64
Status: NEW
Whiteboard: abrt_hash:fae15203a4426ff6ea89539d9cb4c1ae9473b845;VAR
IANT_ID=workstation;
Component: xmlstarlet
Assignee: stickster(a)gmail.com
Reporter: mf.flip(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: daltonminer(a)gmail.com, dcavalca(a)fb.com,
epel-packagers-sig(a)lists.fedoraproject.org,
michel(a)michel-slm.name, ngompa13(a)gmail.com,
stickster(a)gmail.com
Target Milestone: ---
Classification: Fedora
Version-Release number of selected component:
xmlstarlet-1.6.1-18.fc36
Additional info:
reporter: libreport-2.17.1
backtrace_rating: 4
cgroup:
0::/user.slice/user-1000.slice/user@1000.service/app.slice/vte-spawn-b6417f15-9599-4249-82d4-24ff704344e1.scope
cmdline: xmlstarlet ed --without-comments activemq.xml
crash_function: xmlXPathCompUnaryExpr
executable: /usr/bin/xmlstarlet
journald_cursor:
s=952f321409164e31aecdcfe29dabfc09;i=2c2dd8;b=d8a42405eec240a19c823e14d4731d5c;m=7ac1a3fe9;t=5dfd855906ebd;x=1c1ad98bbbf498bf
kernel: 5.17.9-300.fc36.x86_64
rootdir: /
runlevel: N 5
type: CCpp
uid: 1000
Truncated backtrace:
Thread no. 1 (10 frames)
#0 xmlXPathCompUnaryExpr at
/usr/src/debug/libxml2-2.9.14-1.fc36.x86_64/xpath.c:10736
#1 xmlXPathCompMultiplicativeExpr at
/usr/src/debug/libxml2-2.9.14-1.fc36.x86_64/xpath.c:10769
#2 xmlXPathCompAdditiveExpr at
/usr/src/debug/libxml2-2.9.14-1.fc36.x86_64/xpath.c:10810
#3 xmlXPathCompRelationalExpr at
/usr/src/debug/libxml2-2.9.14-1.fc36.x86_64/xpath.c:10848
#4 xmlXPathCompEqualityExpr at
/usr/src/debug/libxml2-2.9.14-1.fc36.x86_64/xpath.c:10887
#5 xmlXPathCompAndExpr at
/usr/src/debug/libxml2-2.9.14-1.fc36.x86_64/xpath.c:10918
#6 xmlXPathCompileExpr at
/usr/src/debug/libxml2-2.9.14-1.fc36.x86_64/xpath.c:10956
#7 xmlXPathEvalExpr__internal_alias at
/usr/src/debug/libxml2-2.9.14-1.fc36.x86_64/xpath.c:14426
#9 xmlXPathEval__internal_alias at
/usr/src/debug/libxml2-2.9.14-1.fc36.x86_64/xpath.c:14466
#10 xmlXPathEvalExpression__internal_alias at
/usr/src/debug/libxml2-2.9.14-1.fc36.x86_64/xpath.c:14541
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2090622
11 months, 1 week
[Bug 2107574] New: fortune(6) man page indentation is messed up for -o and -s options
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2107574
Bug ID: 2107574
Summary: fortune(6) man page indentation is messed up for -o
and -s options
Product: Fedora
Version: 36
Status: NEW
Component: fortune-mod
Severity: low
Assignee: sheltren(a)fedoraproject.org
Reporter: rhbugs(a)n-dimensional.de
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
sergio(a)serjux.com, sheltren(a)fedoraproject.org,
shlomif(a)shlomifish.org
Target Milestone: ---
Classification: Fedora
Created attachment 1897376
--> https://bugzilla.redhat.com/attachment.cgi?id=1897376&action=edit
Quick fix patch to the fortune.6 file, copying the formatting -i and -n
Description of problem:
In the fortune(6) man page, the indentation for the description
of the options -o and -s is wrong.
Version-Release number of selected component (if applicable):
fortune-mod-3.12.0-2.fc36.x86_64
How reproducible:
100%
Steps to Reproduce:
1. man fortune
2. type /record or scroll down
Actual results:
filename-record will precede the records from the file it names.
-n length
Set the longest fortune length (in characters) considered to be
“short” (the default is 160). All fortunes longer than this are
considered “long”. Be careful! If you set the length too short and
ask for short fortunes, or too long and ask for long ones, fortune
goes into a never-ending thrash loop.
-o Choose only from potentially offensive aphorisms. The -o option
is ignored if a fortune directory is specified.
Please, please, please request a potentially offensive fortune if
and only if you believe, deep in your heart, that you are willing
to be offended. (And that you'll just quit using -o rather than
give us grief about it, okay?)
... let us keep in mind the basic governing philosophy of The
Brotherhood, as handsomely summarized in these words: we believe in
healthy, hearty laughter -- at the expense of the whole human race,
if needs be. Needs be.
--H. Allen Smith, "Rude Jokes"
-s Short apothegms only. See -n on which fortunes are considered
“short”.
-i
Ignore case for -m patterns.
Expected results:
filename-record will precede the records from the file it names.
-n length
Set the longest fortune length (in characters) considered to be
“short” (the default is 160). All fortunes longer than this are
considered “long”. Be careful! If you set the length too short and
ask for short fortunes, or too long and ask for long ones, fortune
goes into a never-ending thrash loop.
-o
Choose only from potentially offensive aphorisms. The -o option is
ignored if a fortune directory is specified.
Please, please, please request a potentially offensive fortune if
and only if you believe, deep in your heart, that you are willing
to be offended. (And that you'll just quit using -o rather than
give us grief about it, okay?)
... let us keep in mind the basic governing philosophy of The
Brotherhood, as handsomely summarized in these words: we believe in
healthy, hearty laughter -- at the expense of the whole human race,
if needs be. Needs be.
--H. Allen Smith, "Rude Jokes"
-s
Short apothegms only. See -n on which fortunes are considered
“short”.
-i
Ignore case for -m patterns.
Additional info:
The attached patch only fixes the symptoms, not the root cause.
This should probably be fixed somewhere upstream deep inside the mass of perl
scripts building the man pages.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2107574
11 months, 1 week