August 2022 - Epel-packagers-sig - Fedora Mailing-Lists

[Bug 2121958] New: fennel-1.2.0 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2121958 Bug ID: 2121958 Summary: fennel-1.2.0 is available Product: Fedora Version: rawhide Status: NEW Component: fennel Keywords: FutureFeature, Triaged Assignee: michel(a)michel-slm.name Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, lua-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora Releases retrieved: 1.2.0 Upstream release that is considered latest: 1.2.0 Current version/release in rawhide: 1.1.0-2.fc37 URL: https://fennel-lang.org/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/22691/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/fennel -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2121958

1 year, 6 months

1
14
0 / 0

[Bug 2122362] New: CVE-2020-35535 LibRaw: Out-of-bounds read in LibRaw::parseSonySRF() function

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2122362 Bug ID: 2122362 Summary: CVE-2020-35535 LibRaw: Out-of-bounds read in LibRaw::parseSonySRF() function Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: psampaio(a)redhat.com CC: dchen(a)redhat.com, debarshir(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, gwync(a)protonmail.com, hobbes1069(a)gmail.com, jridky(a)redhat.com, manisandro(a)gmail.com, mattdm(a)redhat.com, mattia.verga(a)proton.me, michel(a)michel-slm.name, ngompa13(a)gmail.com, nphilipp(a)redhat.com, sebastian(a)sdziallas.com, sergio(a)serjux.com, siddharth.kde(a)gmail.com, sipoyare(a)redhat.com, thibault(a)north.li Target Milestone: --- Classification: Other In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when processing srf files. Upstream issue: https://github.com/LibRaw/LibRaw/issues/283 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2122362

1 year, 6 months

1
8
0 / 0

[Bug 2122360] New: CVE-2020-35534 LibRaw: Memory corruption in "crxFreeSubbandData()" function

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2122360 Bug ID: 2122360 Summary: CVE-2020-35534 LibRaw: Memory corruption in "crxFreeSubbandData()" function Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: psampaio(a)redhat.com CC: dchen(a)redhat.com, debarshir(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, gwync(a)protonmail.com, hobbes1069(a)gmail.com, jridky(a)redhat.com, manisandro(a)gmail.com, mattdm(a)redhat.com, mattia.verga(a)proton.me, michel(a)michel-slm.name, ngompa13(a)gmail.com, nphilipp(a)redhat.com, sebastian(a)sdziallas.com, sergio(a)serjux.com, siddharth.kde(a)gmail.com, sipoyare(a)redhat.com, thibault(a)north.li Target Milestone: --- Classification: Other In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing cr3 files. Upstream issue: https://github.com/LibRaw/LibRaw/issues/279 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2122360

1 year, 6 months

1
7
0 / 0

[Bug 2122159] New: xmlstarlet missing in EPEL8

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2122159 Bug ID: 2122159 Summary: xmlstarlet missing in EPEL8 Product: Fedora EPEL Version: epel8 Hardware: All OS: Linux Status: NEW Component: xmlstarlet Severity: high Assignee: stickster(a)gmail.com Reporter: vashastr(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: adeza(a)redhat.com, bhubbard(a)redhat.com, daltonminer(a)gmail.com, dcavalca(a)fb.com, epel-packagers-sig(a)lists.fedoraproject.org, extras-qa(a)fedoraproject.org, ghenadii.batalski(a)conitas.de, guenther.reim(a)allianz.at, michel(a)michel-slm.name, ngompa13(a)gmail.com, olivier.lahaye1(a)free.fr, skimeer(a)gmail.com, stickster(a)gmail.com Depends On: 1757000 Target Milestone: --- Classification: Fedora +++ This bug was initially created as a clone of Bug #1757000 +++ Description of problem: xmlstarlet is missing in EPEL8 As there is no alternative to this tool (validate or query xml files from cmdline), it's important to have it on EPEL-8 --- Additional comment from Alfredo Deza on 2019-10-18 19:26:22 UTC --- The Ceph project depends on this missing package for builds, we've had to install it directly from the commandline (!) as a workaround. Any progress on this would be greatly appreciated. --- Additional comment from Fedora Update System on 2019-11-09 20:02:11 UTC --- FEDORA-EPEL-2019-3b10f1dd23 has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-3b10f1dd23 --- Additional comment from Paul W. Frields on 2019-11-09 20:02:59 UTC --- @Brad, @Alfredo -- if you'd like to see this available sooner, please encourage people to test the update from the link above. --- Additional comment from Brad Hubbard on 2019-11-10 00:06:58 UTC --- (In reply to Paul W. Frields from comment #3) > @Brad, @Alfredo -- if you'd like to see this available sooner, please > encourage people to test the update from the link above. ACK. Thanks Paul. --- Additional comment from Fedora Update System on 2019-11-11 03:15:37 UTC --- xmlstarlet-1.6.1-11.el8 has been pushed to the Fedora EPEL 8 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-3b10f1dd23 --- Additional comment from Gena on 2019-11-15 14:43:41 UTC --- Could you please provide this package in a UBI8 repo. We use the keycloak image from now based on ubi8 and need to adapt the xml configuration on image build. Thank you and kind regards, Gena --- Additional comment from Paul W. Frields on 2019-11-15 17:44:58 UTC --- @Gena: Is there a reason a package in the EPEL 8 repository won't work for this purpose? --- Additional comment from Gena on 2019-11-19 08:01:54 UTC --- (In reply to Paul W. Frields from comment #7) > @Gena: Is there a reason a package in the EPEL 8 repository won't work for > this purpose? May be, but i only have 2 repositories available: sh-4.4# dnf repolist repo id repo name ubi-8-appstream Red Hat Universal Base Image 8 (RPMs) - AppStream ubi-8-baseos Red Hat Universal Base Image 8 (RPMs) - BaseOS EPEL is not listed there --- Additional comment from Fedora Update System on 2019-11-27 01:03:39 UTC --- xmlstarlet-1.6.1-11.el8 has been pushed to the Fedora EPEL 8 stable repository. If problems still persist, please make note of it in this bug report. --- Additional comment from Paul W. Frields on 2019-12-03 01:41:32 UTC --- Please refer to the UBI FAQ for info: https://developers.redhat.com/articles/ubi-faq/#community --- Additional comment from Gena on 2019-12-05 09:10:00 UTC --- (In reply to Paul W. Frields from comment #10) > Please refer to the UBI FAQ for info: > https://developers.redhat.com/articles/ubi-faq/#community thank you for the hint, but it says nothing about, how to use the UBI8 image outside the playground: i prefer to install my packages from approved repos. The simple enablement of EPEL via microdnf is not described. The only library to work with xml from the console is the xmlstarlet, so, in my opinion, it should be put into default repo just like it's done by alpine, debian, ubuntu... --- Additional comment from Paul W. Frields on 2019-12-06 16:28:23 UTC --- To enable EPEL on UBI Standard or Multi-service, simply use the instructions at https://fedoraproject.org/wiki/EPEL and you can `yum install xmlstarlet`. To enable with microdnf, you must create a suitable .repo file in your UBI environment. At a minimum: [epel] name=EPEL 8 baseurl=https://download.fedoraproject.org/pub/epel/8/Everything/x86_64 failovermethod=priority enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 And grab the GPG key from the epel-release source repo: $ curl -o /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 https://src.fedoraproject.org/rpms/epel-release/raw/epel8/f/RPM-GPG-KEY-E... You can then `microdnf install xmlstarlet`. --- Additional comment from Shailesh on 2022-08-29 08:12:22 UTC --- We are facing an issue again with rockylinux:8.6 container image. Steps followed are as below - 1. Create a container from rockylinux:8.6 [root@ssc-vm-rhev4-0707 ~]# docker run --rm -it rockylinux:8.6 2. Enable powertools and install epel-release package [root@acb8441a9bb1 /]# dnf install dnf-plugin-config-manager -y ;dnf config-manager --set-enabled powertools Rocky Linux 8 - AppStream 9.2 MB/s | 9.6 MB 00:01 Rocky Linux 8 - BaseOS 4.1 MB/s | 6.7 MB 00:01 Rocky Linux 8 - Extras 28 kB/s | 11 kB 00:00 Dependencies resolved. ========================================================================================================================================================================================= Package Architecture Version Repository Size ========================================================================================================================================================================================= Installing: dnf-plugins-core noarch 4.0.21-11.el8 baseos 70 k Installing dependencies: dbus-glib x86_64 0.110-2.el8 baseos 126 k python3-dateutil noarch 1:2.6.1-6.el8 baseos 250 k python3-dbus x86_64 1.2.4-15.el8 baseos 133 k python3-dnf-plugins-core noarch 4.0.21-11.el8 baseos 239 k python3-six noarch 1.11.0-8.el8 baseos 37 k Transaction Summary ========================================================================================================================================================================================= Install 6 Packages Total download size: 854 k Installed size: 2.3 M Downloading Packages: (1/6): dnf-plugins-core-4.0.21-11.el8.noarch.rpm 268 kB/s | 70 kB 00:00 (2/6): dbus-glib-0.110-2.el8.x86_64.rpm 430 kB/s | 126 kB 00:00 (3/6): python3-dbus-1.2.4-15.el8.x86_64.rpm 1.2 MB/s | 133 kB 00:00 (4/6): python3-dateutil-2.6.1-6.el8.noarch.rpm 656 kB/s | 250 kB 00:00 (5/6): python3-dnf-plugins-core-4.0.21-11.el8.noarch.rpm 2.0 MB/s | 239 kB 00:00 (6/6): python3-six-1.11.0-8.el8.noarch.rpm 690 kB/s | 37 kB 00:00 ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Total 1.5 MB/s | 854 kB 00:00 Rocky Linux 8 - BaseOS 1.6 MB/s | 1.6 kB 00:00 Importing GPG key 0x6D745A60: Userid : "Release Engineering <infrastructure(a)rockylinux.org>" Fingerprint: 7051 C470 A929 F454 CEBE 37B7 15AF 5DAC 6D74 5A60 From : /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial Key imported successfully Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : python3-six-1.11.0-8.el8.noarch 1/6 Installing : python3-dateutil-1:2.6.1-6.el8.noarch 2/6 Installing : dbus-glib-0.110-2.el8.x86_64 3/6 Running scriptlet: dbus-glib-0.110-2.el8.x86_64 3/6 Installing : python3-dbus-1.2.4-15.el8.x86_64 4/6 Installing : python3-dnf-plugins-core-4.0.21-11.el8.noarch 5/6 Installing : dnf-plugins-core-4.0.21-11.el8.noarch 6/6 Running scriptlet: dnf-plugins-core-4.0.21-11.el8.noarch 6/6 Verifying : dbus-glib-0.110-2.el8.x86_64 1/6 Verifying : dnf-plugins-core-4.0.21-11.el8.noarch 2/6 Verifying : python3-dateutil-1:2.6.1-6.el8.noarch 3/6 Verifying : python3-dbus-1.2.4-15.el8.x86_64 4/6 Verifying : python3-dnf-plugins-core-4.0.21-11.el8.noarch 5/6 Verifying : python3-six-1.11.0-8.el8.noarch 6/6 Installed: dbus-glib-0.110-2.el8.x86_64 dnf-plugins-core-4.0.21-11.el8.noarch python3-dateutil-1:2.6.1-6.el8.noarch python3-dbus-1.2.4-15.el8.x86_64 python3-dnf-plugins-core-4.0.21-11.el8.noarch python3-six-1.11.0-8.el8.noarch Complete! [root@acb8441a9bb1 /]# yum install epel-release -y Rocky Linux 8 - PowerTools 1.5 MB/s | 2.4 MB 00:01 Last metadata expiration check: 0:00:02 ago on Mon Aug 29 07:59:48 2022. Dependencies resolved. ========================================================================================================================================================================================= Package Architecture Version Repository Size ========================================================================================================================================================================================= Installing: epel-release noarch 8-17.el8 extras 24 k Transaction Summary ========================================================================================================================================================================================= Install 1 Package Total download size: 24 k Installed size: 34 k Downloading Packages: epel-release-8-17.el8.noarch.rpm 216 kB/s | 24 kB 00:00 ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Total 119 kB/s | 24 kB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : epel-release-8-17.el8.noarch 1/1 Running scriptlet: epel-release-8-17.el8.noarch 1/1 Many EPEL packages require the CodeReady Builder (CRB) repository. It is recommended that you run /usr/bin/crb enable to enable the CRB repository. Verifying : epel-release-8-17.el8.noarch 1/1 Installed: epel-release-8-17.el8.noarch Complete! [root@acb8441a9bb1 /]# 3. Test installation of xmlstarlet [root@acb8441a9bb1 /]# yum list xmlstarlet Extra Packages for Enterprise Linux 8 - x86_64 2.4 MB/s | 13 MB 00:05 Extra Packages for Enterprise Linux Modular 8 - x86_64 340 kB/s | 734 kB 00:02 Last metadata expiration check: 0:00:01 ago on Mon Aug 29 08:01:40 2022. Error: No matching Packages to list [root@acb8441a9bb1 /]# --- Additional comment from Shailesh on 2022-08-29 08:13:43 UTC --- We are facing an issue again with rockylinux:8.6 container image. Steps followed are as below - 1. Create a container from rockylinux:8.6 [root@test-node ~]# docker run --rm -it rockylinux:8.6 2. Enable powertools and install epel-release package [root@acb8441a9bb1 /]# dnf install dnf-plugin-config-manager -y ;dnf config-manager --set-enabled powertools Rocky Linux 8 - AppStream 9.2 MB/s | 9.6 MB 00:01 Rocky Linux 8 - BaseOS 4.1 MB/s | 6.7 MB 00:01 Rocky Linux 8 - Extras 28 kB/s | 11 kB 00:00 Dependencies resolved. ========================================================================================================================================================================================= Package Architecture Version Repository Size ========================================================================================================================================================================================= Installing: dnf-plugins-core noarch 4.0.21-11.el8 baseos 70 k Installing dependencies: dbus-glib x86_64 0.110-2.el8 baseos 126 k python3-dateutil noarch 1:2.6.1-6.el8 baseos 250 k python3-dbus x86_64 1.2.4-15.el8 baseos 133 k python3-dnf-plugins-core noarch 4.0.21-11.el8 baseos 239 k python3-six noarch 1.11.0-8.el8 baseos 37 k Transaction Summary ========================================================================================================================================================================================= Install 6 Packages Total download size: 854 k Installed size: 2.3 M Downloading Packages: (1/6): dnf-plugins-core-4.0.21-11.el8.noarch.rpm 268 kB/s | 70 kB 00:00 (2/6): dbus-glib-0.110-2.el8.x86_64.rpm 430 kB/s | 126 kB 00:00 (3/6): python3-dbus-1.2.4-15.el8.x86_64.rpm 1.2 MB/s | 133 kB 00:00 (4/6): python3-dateutil-2.6.1-6.el8.noarch.rpm 656 kB/s | 250 kB 00:00 (5/6): python3-dnf-plugins-core-4.0.21-11.el8.noarch.rpm 2.0 MB/s | 239 kB 00:00 (6/6): python3-six-1.11.0-8.el8.noarch.rpm 690 kB/s | 37 kB 00:00 ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Total 1.5 MB/s | 854 kB 00:00 Rocky Linux 8 - BaseOS 1.6 MB/s | 1.6 kB 00:00 Importing GPG key 0x6D745A60: Userid : "Release Engineering <infrastructure(a)rockylinux.org>" Fingerprint: 7051 C470 A929 F454 CEBE 37B7 15AF 5DAC 6D74 5A60 From : /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial Key imported successfully Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : python3-six-1.11.0-8.el8.noarch 1/6 Installing : python3-dateutil-1:2.6.1-6.el8.noarch 2/6 Installing : dbus-glib-0.110-2.el8.x86_64 3/6 Running scriptlet: dbus-glib-0.110-2.el8.x86_64 3/6 Installing : python3-dbus-1.2.4-15.el8.x86_64 4/6 Installing : python3-dnf-plugins-core-4.0.21-11.el8.noarch 5/6 Installing : dnf-plugins-core-4.0.21-11.el8.noarch 6/6 Running scriptlet: dnf-plugins-core-4.0.21-11.el8.noarch 6/6 Verifying : dbus-glib-0.110-2.el8.x86_64 1/6 Verifying : dnf-plugins-core-4.0.21-11.el8.noarch 2/6 Verifying : python3-dateutil-1:2.6.1-6.el8.noarch 3/6 Verifying : python3-dbus-1.2.4-15.el8.x86_64 4/6 Verifying : python3-dnf-plugins-core-4.0.21-11.el8.noarch 5/6 Verifying : python3-six-1.11.0-8.el8.noarch 6/6 Installed: dbus-glib-0.110-2.el8.x86_64 dnf-plugins-core-4.0.21-11.el8.noarch python3-dateutil-1:2.6.1-6.el8.noarch python3-dbus-1.2.4-15.el8.x86_64 python3-dnf-plugins-core-4.0.21-11.el8.noarch python3-six-1.11.0-8.el8.noarch Complete! [root@acb8441a9bb1 /]# yum install epel-release -y Rocky Linux 8 - PowerTools 1.5 MB/s | 2.4 MB 00:01 Last metadata expiration check: 0:00:02 ago on Mon Aug 29 07:59:48 2022. Dependencies resolved. ========================================================================================================================================================================================= Package Architecture Version Repository Size ========================================================================================================================================================================================= Installing: epel-release noarch 8-17.el8 extras 24 k Transaction Summary ========================================================================================================================================================================================= Install 1 Package Total download size: 24 k Installed size: 34 k Downloading Packages: epel-release-8-17.el8.noarch.rpm 216 kB/s | 24 kB 00:00 ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Total 119 kB/s | 24 kB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : epel-release-8-17.el8.noarch 1/1 Running scriptlet: epel-release-8-17.el8.noarch 1/1 Many EPEL packages require the CodeReady Builder (CRB) repository. It is recommended that you run /usr/bin/crb enable to enable the CRB repository. Verifying : epel-release-8-17.el8.noarch 1/1 Installed: epel-release-8-17.el8.noarch Complete! [root@acb8441a9bb1 /]# 3. Test installation of xmlstarlet [root@acb8441a9bb1 /]# yum list xmlstarlet Extra Packages for Enterprise Linux 8 - x86_64 2.4 MB/s | 13 MB 00:05 Extra Packages for Enterprise Linux Modular 8 - x86_64 340 kB/s | 734 kB 00:02 Last metadata expiration check: 0:00:01 ago on Mon Aug 29 08:01:40 2022. Error: No matching Packages to list [root@acb8441a9bb1 /]# --- Additional comment from Guenther on 2022-08-29 11:00:42 UTC --- i´m facing the same issue. seems that xmlstarlet is no longer available in epel... can`t find it here: https://dl.fedoraproject.org/pub/epel/8/Everything/x86_64/Packages/x/ Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1757000 [Bug 1757000] xmlstarlet missing in EPEL8 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2122159

1 year, 6 months

1
14
0 / 0

[Bug 2085998] New: python-utils-3.2.0 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2085998 Bug ID: 2085998 Summary: python-utils-3.2.0 is available Product: Fedora Version: rawhide Status: NEW Component: python-utils Keywords: FutureFeature, Triaged Assignee: mhroncok(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, mhroncok(a)redhat.com, python-sig(a)lists.fedoraproject.org, thomas.andrejak(a)gmail.com Target Milestone: --- Classification: Fedora Latest upstream release: 3.2.0 Current version/release in rawhide: 3.1.0-1.fc37 URL: https://github.com/WoLpH/python-utils Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/12707/ -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2085998

1 year, 6 months

1
20
0 / 0

[Bug 2095982] New: rocksdb-7.3.1 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2095982 Bug ID: 2095982 Summary: rocksdb-7.3.1 is available Product: Fedora Version: rawhide Status: NEW Component: rocksdb Keywords: FutureFeature, Triaged Assignee: hegjon(a)gmail.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: dcavalca(a)fb.com, epel-packagers-sig(a)lists.fedoraproject.org, hegjon(a)gmail.com, mmuzila(a)redhat.com Target Milestone: --- Classification: Fedora Releases retrieved: 7.3.1 Upstream release that is considered latest: 7.3.1 Current version/release in rawhide: 7.2.2-3.fc37 URL: https://github.com/facebook/rocksdb Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/15560/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/rocksdb -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2095982

1 year, 7 months

1
21
0 / 0

[Bug 2067022] New: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2067022 Bug ID: 2067022 Summary: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: trathi(a)redhat.com CC: blaise(a)gmail.com, dcavalca(a)fb.com, epel-packagers-sig(a)lists.fedoraproject.org, fedora(a)famillecollet.com, jhorak(a)redhat.com, luya_tfz(a)thefinalzone.net, michel(a)michel-slm.name, ngompa13(a)gmail.com, pampelmuse(a)gmx.at, sergio(a)serjux.com, troy(a)troycurtisjr.com Target Milestone: --- Classification: Other A heap-buffer-overflow flaw was found in PushShortPixel function of quantum-private.h References: https://github.com/ImageMagick/ImageMagick/issues/4974 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2067022

1 year, 7 months

1
10
0 / 0

[Bug 2111245] New: dd_rescue-1.99.12 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2111245 Bug ID: 2111245 Summary: dd_rescue-1.99.12 is available Product: Fedora Version: rawhide Status: NEW Component: dd_rescue Keywords: FutureFeature, Triaged Assignee: rebus(a)seznam.cz Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: andreas(a)bawue.net, epel-packagers-sig(a)lists.fedoraproject.org, rebus(a)seznam.cz, rhbugs(a)n-dimensional.de, steve(a)silug.org, susi.lehtola(a)iki.fi Target Milestone: --- Classification: Fedora Releases retrieved: 1.99.12 Upstream release that is considered latest: 1.99.12 Current version/release in rawhide: 1.99.11-4.fc37 URL: http://www.garloff.de/kurt/linux/ddrescue/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/406/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/dd_rescue -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2111245

1 year, 7 months

1
3
0 / 0

[Bug 2105033] New: CVE-2022-2097 openssl3: openssl: AES OCB fails to encrypt some bytes [epel-8]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2105033 Bug ID: 2105033 Summary: CVE-2022-2097 openssl3: openssl: AES OCB fails to encrypt some bytes [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: michel(a)michel-slm.name Reporter: mcascell(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-8. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2105033

1 year, 7 months

1
5
0 / 0

[Bug 2099970] New: CVE-2022-2068 openssl3: openssl: the c_rehash script allows command injection [epel-8]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2099970 Bug ID: 2099970 Summary: CVE-2022-2068 openssl3: openssl: the c_rehash script allows command injection [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: michel(a)michel-slm.name Reporter: mrehak(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-8. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2099970

1 year, 7 months

1
5
0 / 0

2024

2023

2022

2021

Epel-packagers-sig August 2022