https://bugzilla.redhat.com/show_bug.cgi?id=2196197
Bug ID: 2196197
Summary: CVE-2023-31047 python-django3: python-django:
Potential bypass of validation when uploading multiple
files using one form field [fedora-all]
Product: Fedora
Version: 38
Status: NEW
Component: python-django3
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: michel(a)michel-slm.name
Reporter: ybuenos(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
michel(a)michel-slm.name
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2192565
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2196197
https://bugzilla.redhat.com/show_bug.cgi?id=2192902
Bug ID: 2192902
Summary: python-django3-3.2.19 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: python-django3
Keywords: FutureFeature, Triaged
Assignee: michel(a)michel-slm.name
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
michel(a)michel-slm.name
Target Milestone: ---
Classification: Fedora
Releases retrieved: 3.2.19
Upstream release that is considered latest: 3.2.19
Current version/release in rawhide: 3.2.18-1.fc39
URL: https://pypi.python.org/pypi/Django
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M…
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/336334/
To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/python-django3
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2192902
https://bugzilla.redhat.com/show_bug.cgi?id=2185885
Bug ID: 2185885
Summary: python-django3 cannot be used to substitute
python-django
Product: Fedora
Version: rawhide
Status: NEW
Component: python-django3
Assignee: michel(a)michel-slm.name
Reporter: lzaoral(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
michel(a)michel-slm.name
Target Milestone: ---
Classification: Fedora
Description of problem: python-django3 cannot be used to substitute
python-django
Version-Release number of selected component (if applicable): All available
releases for Fedora and EPEL.
How reproducible: always
Steps to Reproduce:
Run `dnf install python3-django3 python3-kobo-django`
Actual results:
Error:
Problem: package python3-kobo-django-0.19.0-2.el8.noarch requires
python3-django >= 1.6, but none of the providers can be installed
- package python3-django3-3.2.18-1.el8.noarch conflicts with python3-django
provided by python3-django-2.2.24-1.el8.noarch
- conflicting requests
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use
not only best candidate packages)
Expected results:
Both packages install and coexist without any issues.
Additional info:
The spec is missing a respective `Provides:` declaration.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2185885
https://bugzilla.redhat.com/show_bug.cgi?id=2185715
Bug ID: 2185715
Summary: CVE-2023-1906 ImageMagick: heap-based buffer overflow
in ImportMultiSpectralQuantum() in
MagickCore/quantum-import.c [fedora-all]
Product: Fedora
Version: 37
Status: NEW
Component: ImageMagick
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: luya_tfz(a)thefinalzone.net
Reporter: trathi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: blaise(a)gmail.com, davide(a)cavalca.name,
epel-packagers-sig(a)lists.fedoraproject.org,
fedora(a)famillecollet.com, luya_tfz(a)thefinalzone.net,
michel(a)michel-slm.name, ngompa13(a)gmail.com,
pampelmuse(a)gmx.at, sergio(a)serjux.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2185714
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2185715
https://bugzilla.redhat.com/show_bug.cgi?id=2196051
Bug ID: 2196051
Summary: python-fsspec-2023.5.0 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: python-fsspec
Keywords: FutureFeature, Triaged
Assignee: quantum.analyst(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
jonathan(a)almalinux.org,
python-packagers-sig(a)lists.fedoraproject.org,
quantum.analyst(a)gmail.com
Target Milestone: ---
Classification: Fedora
Releases retrieved: 2023.5.0
Upstream release that is considered latest: 2023.5.0
Current version/release in rawhide: 2023.4.0-1.fc39
URL: https://github.com/intake/filesystem_spec
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M…
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/21932/
To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/python-fsspec
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2196051
https://bugzilla.redhat.com/show_bug.cgi?id=2185716
Bug ID: 2185716
Summary: CVE-2023-1906 ImageMagick: heap-based buffer overflow
in ImportMultiSpectralQuantum() in
MagickCore/quantum-import.c [epel-8]
Product: Fedora EPEL
Version: epel8
Status: NEW
Component: ImageMagick
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: luya_tfz(a)thefinalzone.net
Reporter: trathi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: blaise(a)gmail.com, davide(a)cavalca.name,
epel-packagers-sig(a)lists.fedoraproject.org,
fedora(a)famillecollet.com, luya_tfz(a)thefinalzone.net,
michel(a)michel-slm.name, ngompa13(a)gmail.com,
pampelmuse(a)gmx.at, sergio(a)serjux.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2185714
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2185716
https://bugzilla.redhat.com/show_bug.cgi?id=2196644
Bug ID: 2196644
Summary: CVE-2023-30861 python-flask: flask: Possible
disclosure of permanent session cookie due to missing
Vary: Cookie header [fedora-all]
Product: Fedora
Version: 38
Status: NEW
Component: python-flask
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: fzatlouk(a)redhat.com
Reporter: mbenatto(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: danielmyoung(a)gmail.com,
epel-packagers-sig(a)lists.fedoraproject.org,
fzatlouk(a)redhat.com, hushan.jia(a)gmail.com,
karlthered(a)gmail.com, patrick(a)puiterwijk.org,
python-packagers-sig(a)lists.fedoraproject.org,
tdawson(a)redhat.com, tflink(a)redhat.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2196643
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2196644
https://bugzilla.redhat.com/show_bug.cgi?id=2196196
Bug ID: 2196196
Summary: CVE-2023-31047 python-django3: python-django:
Potential bypass of validation when uploading multiple
files using one form field [epel-all]
Product: Fedora EPEL
Version: epel8
Status: NEW
Component: python-django3
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: michel(a)michel-slm.name
Reporter: ybuenos(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
michel(a)michel-slm.name
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2192565
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2196196