https://bugzilla.redhat.com/show_bug.cgi?id=2257656
Bug ID: 2257656
Summary: CVE-2023-47993 freeimage: out-of-bound read vulnerability in ReadInt32 [epel-all]
Product: Fedora EPEL
Version: epel8
Status: NEW
Component: freeimage
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: hobbes1069(a)gmail.com
Reporter: trathi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: bruno(a)wolff.to,
epel-packagers-sig(a)lists.fedoraproject.org,
hobbes1069(a)gmail.com, i(a)cicku.me, manisandro(a)gmail.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2257650
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2257656
Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…
https://bugzilla.redhat.com/show_bug.cgi?id=2257660
Bug ID: 2257660
Summary: CVE-2023-47997 freeimage: infinite loop exits in Load in PluginTIFF.cpp [epel-all]
Product: Fedora EPEL
Version: epel8
Status: NEW
Component: freeimage
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: hobbes1069(a)gmail.com
Reporter: trathi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: bruno(a)wolff.to,
epel-packagers-sig(a)lists.fedoraproject.org,
hobbes1069(a)gmail.com, i(a)cicku.me, manisandro(a)gmail.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2257654
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
https://bugzilla.redhat.com/show_bug.cgi?id=2257657
Bug ID: 2257657
Summary: CVE-2023-47992 freeimage: integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc() [epel-all]
Product: Fedora EPEL
Version: epel8
Status: NEW
Component: freeimage
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: hobbes1069(a)gmail.com
Reporter: trathi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: bruno(a)wolff.to,
epel-packagers-sig(a)lists.fedoraproject.org,
hobbes1069(a)gmail.com, i(a)cicku.me, manisandro(a)gmail.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2257649
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
https://bugzilla.redhat.com/show_bug.cgi?id=2257658
Bug ID: 2257658
Summary: CVE-2023-47994 freeimage: integer overflow in LoadPixelDataRLE4() function in PluginBMP.cpp [epel-all]
Product: Fedora EPEL
Version: epel8
Status: NEW
Component: freeimage
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: hobbes1069(a)gmail.com
Reporter: trathi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: bruno(a)wolff.to,
epel-packagers-sig(a)lists.fedoraproject.org,
hobbes1069(a)gmail.com, i(a)cicku.me, manisandro(a)gmail.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2257651
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
https://bugzilla.redhat.com/show_bug.cgi?id=2257309
Bug ID: 2257309
Summary: ipython-8.20.0 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: ipython
Keywords: FutureFeature, Triaged
Assignee: lbalhar(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
lbalhar(a)redhat.com, mhroncok(a)redhat.com,
michel(a)michel-slm.name, mrunge(a)redhat.com,
orion(a)nwra.com,
python-packagers-sig(a)lists.fedoraproject.org,
tomspur(a)fedoraproject.org
Target Milestone: ---
Classification: Fedora
Releases retrieved: 8.20.0
Upstream release that is considered latest: 8.20.0
Current version/release in rawhide: 8.19.0-1.fc40
URL: https://ipython.org/
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M…
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/1399/
To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/ipython
https://bugzilla.redhat.com/show_bug.cgi?id=2176164
Bug ID: 2176164
Summary: zbar fails to build with Python 3.12: error: 'PyLongObject' {aka 'struct _longobject'} has no member named 'ob_digit'
Product: Fedora
Version: rawhide
Status: NEW
Component: zbar
Assignee: gwync(a)protonmail.com
Reporter: thrnciar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: dougsland(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
gwync(a)protonmail.com, mchehab(a)infradead.org,
mhroncok(a)redhat.com, mr.marcelo.barbosa(a)gmail.com,
negativo17(a)gmail.com, thrnciar(a)redhat.com
Blocks: 2135404 (PYTHON3.12)
Target Milestone: ---
Classification: Fedora
zbar fails to build with Python 3.12.0a5.
In file included from /usr/include/python3.12/Python.h:44,
from python/zbarmodule.h:24,
from python/enum.c:24:
python/enum.c: In function 'enumitem_new':
/usr/include/python3.12/object.h:179:68: warning: passing argument 2 of 'Py_SET_SIZE' makes integer from pointer without a cast [-Wint-conversion]
179 | # define Py_SET_SIZE(ob, size) Py_SET_SIZE(_PyVarObject_CAST(ob), (size))
| ^~~~~~
| |
| PyLongObject * {aka struct _longobject *}
python/enum.c:61:5: note: in expansion of macro 'Py_SET_SIZE'
61 | Py_SET_SIZE(&self->val, longval);
| ^~~~~~~~~~~
/usr/include/python3.12/object.h:175:60: note: expected 'Py_ssize_t' {aka 'long int'} but argument is of type 'PyLongObject *' {aka 'struct _longobject *'}
175 | static inline void Py_SET_SIZE(PyVarObject *ob, Py_ssize_t size) {
| ~~~~~~~~~~~^~~~
python/enum.c:62:14: error: 'PyLongObject' {aka 'struct _longobject'} has no member named 'ob_digit'
62 | self->val.ob_digit[0] = longval->ob_digit[0];
| ^
python/enum.c:62:36: error: 'PyLongObject' {aka 'struct _longobject'} has no member named 'ob_digit'
62 | self->val.ob_digit[0] = longval->ob_digit[0];
| ^~
python/enum.c: In function 'zbarEnumItem_New':
/usr/include/python3.12/object.h:179:68: warning: passing argument 2 of 'Py_SET_SIZE' makes integer from pointer without a cast [-Wint-conversion]
179 | # define Py_SET_SIZE(ob, size) Py_SET_SIZE(_PyVarObject_CAST(ob), (size))
| ^~~~~~
| |
| PyLongObject * {aka struct _longobject *}
python/enum.c:152:5: note: in expansion of macro 'Py_SET_SIZE'
152 | Py_SET_SIZE(&self->val, longval);
| ^~~~~~~~~~~
/usr/include/python3.12/object.h:175:60: note: expected 'Py_ssize_t' {aka 'long int'} but argument is of type 'PyLongObject *' {aka 'struct _longobject *'}
175 | static inline void Py_SET_SIZE(PyVarObject *ob, Py_ssize_t size) {
| ~~~~~~~~~~~^~~~
python/enum.c:153:14: error: 'PyLongObject' {aka 'struct _longobject'} has no member named 'ob_digit'
153 | self->val.ob_digit[0] = longval->ob_digit[0];
| ^
python/enum.c:153:36: error: 'PyLongObject' {aka 'struct _longobject'} has no member named 'ob_digit'
153 | self->val.ob_digit[0] = longval->ob_digit[0];
| ^~
GH-101291: Refactor the PyLongObject struct #101292
https://github.com/python/cpython/pull/101292
https://docs.python.org/3.12/whatsnew/3.12.html
For the build logs, see:
https://copr-be.cloud.fedoraproject.org/results/@python/python3.12/fedora-r…
For all our attempts to build zbar with Python 3.12, see:
https://copr.fedorainfracloud.org/coprs/g/python/python3.12/package/zbar/
Testing and mass rebuild of packages is happening in copr. You can follow these
instructions to test locally in mock if your package builds with Python 3.12:
https://copr.fedorainfracloud.org/coprs/g/python/python3.12/
Let us know here if you have any questions.
Python 3.12 is planned to be included in Fedora 39. To make that update
smoother, we're building Fedora packages with all pre-releases of Python 3.12.
A build failure prevents us from testing all dependent packages (transitive
[Build]Requires), so if this package is required a lot, it's important for us
to get it fixed soon.
We'd appreciate help from the people who know this package best, but if you
don't want to work on this now, let us know so we can try to work around it on
our side.
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2135404
[Bug 2135404] Python 3.12
https://bugzilla.redhat.com/show_bug.cgi?id=2257072
Bug ID: 2257072
Summary: golang-x-sys-0.16.0 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: golang-x-sys
Keywords: FutureFeature, Triaged
Assignee: mark.e.fuller(a)gmx.de
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: denis(a)fateyev.com,
epel-packagers-sig(a)lists.fedoraproject.org,
go-sig(a)lists.fedoraproject.org, mark.e.fuller(a)gmx.de,
robinlee.sysu(a)gmail.com
Target Milestone: ---
Classification: Fedora
Releases retrieved: 0.16.0
Upstream release that is considered latest: 0.16.0
Current version/release in rawhide: 0.15.0-1.fc40
URL: https://golang.org/x/sys
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M…
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/335970/
To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/golang-x-sys
https://bugzilla.redhat.com/show_bug.cgi?id=2256963
Bug ID: 2256963
Summary: liburing-epel should be retired from EPEL9
Product: Fedora EPEL
Version: epel9
Status: NEW
Component: liburing-epel
Assignee: kkeithle(a)redhat.com
Reporter: peter.georg(a)physik.uni-regensburg.de
CC: epel-packagers-sig(a)lists.fedoraproject.org,
kkeithle(a)redhat.com
Target Milestone: ---
Classification: Fedora
liburing-devel-2.3 has been added to CRB in RHEL 9.3.
Hence liburing-epel should be retired (at least for epel9).