https://bugzilla.redhat.com/show_bug.cgi?id=2173706
Bug ID: 2173706
Summary: CVE-2021-438450 CVE-2021-438451 CVE-2022-217221
CVE-2022-247541 CVE-2022-247542 CVE-2022-247631
CVE-2022-247633 CVE-2022-247641 CVE-2022-247644
CVE-2022-247931 CVE-2022-247935 asterisk: pjsip:
Multiple Vulnerabilities [fedora-all]
Product: Fedora
Version: 37
Status: NEW
Component: asterisk
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: jsmith.fedora(a)gmail.com
Reporter: psampaio(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: bennie.joubert(a)jsdaav.com,
epel-packagers-sig(a)lists.fedoraproject.org,
jsmith.fedora(a)gmail.com, rbryant(a)redhat.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2173705
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2173706
https://bugzilla.redhat.com/show_bug.cgi?id=2173701
Bug ID: 2173701
Summary: CVE-2021-41141 CVE-2021-43845 CVE-2022-24754
CVE-2022-24763 CVE-2022-24786 CVE-2022-24792
CVE-2022-24793 asterisk: pjsip: Multiple
vulnerabilities [fedora-all]
Product: Fedora
Version: 37
Status: NEW
Component: asterisk
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: jsmith.fedora(a)gmail.com
Reporter: psampaio(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: bennie.joubert(a)jsdaav.com,
epel-packagers-sig(a)lists.fedoraproject.org,
jsmith.fedora(a)gmail.com, rbryant(a)redhat.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2173699
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2173701
https://bugzilla.redhat.com/show_bug.cgi?id=2173204
Bug ID: 2173204
Summary: [abrt] gnome-calendar: g_type_check_instance_cast():
gnome-calendar killed by SIGSEGV
Product: Fedora
Version: 37
Hardware: x86_64
Status: NEW
Whiteboard: abrt_hash:097a7df52881ab113babff5506fdfdc0bb63e8d1;VAR
IANT_ID=workstation;
Component: gnome-calendar
Assignee: gnome-sig(a)lists.fedoraproject.org
Reporter: mohamed.b.baig(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
gnome-sig(a)lists.fedoraproject.org,
igor.raits(a)gmail.com, klember(a)redhat.com
Target Milestone: ---
Classification: Fedora
Description of problem:
Clicked to future day from the left nav then clicked back on today's date
Version-Release number of selected component:
gnome-calendar-43.1-3.fc37
Additional info:
reporter: libreport-2.17.4
backtrace_rating: 4
cgroup:
0::/user.slice/user-1000.slice/user@1000.service/app.slice/dbus-:1.2-org.gnome.Calendar@0.service
cmdline: /usr/bin/gnome-calendar --gapplication-service
crash_function: g_type_check_instance_cast
executable: /usr/bin/gnome-calendar
journald_cursor:
s=829bd94ca3fa4b64af263b98ea52b01f;i=da28c;b=5b2b156c38514bbe8228dc075ef7c8fa;m=2747c93f6;t=5f575d1e7b057;x=8f8db0b61ac96f1c
kernel: 6.1.13-200.fc37.x86_64
rootdir: /
runlevel: N 5
type: CCpp
uid: 1000
Truncated backtrace:
Thread no. 1 (7 frames)
#0 g_type_check_instance_cast at ../gobject/gtype.c:4122
#1 gcal_agenda_view_remove_event at ../src/gui/views/gcal-agenda-view.c:586
#2 remove_event_from_subscriber at ../src/core/gcal-timeline.c:228
#3 timeline_source_dispatch at ../src/core/gcal-timeline.c:717
#6 g_main_context_iterate.constprop.0 at ../glib/gmain.c:4238
#7 g_main_context_iteration at ../glib/gmain.c:4303
#8 g_application_run at ../gio/gapplication.c:2571
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2173204
https://bugzilla.redhat.com/show_bug.cgi?id=2170263
Bug ID: 2170263
Summary: CVE-2023-23934 python-werkzeug: cookie prefixed with =
can shadow unprefixed cookie [fedora-all]
Product: Fedora
Version: 37
Status: NEW
Component: python-werkzeug
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: fzatlouk(a)redhat.com
Reporter: askrabec(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: aurelien(a)bompard.org, danielmyoung(a)gmail.com,
epel-packagers-sig(a)lists.fedoraproject.org,
fzatlouk(a)redhat.com, karlthered(a)gmail.com,
python-packagers-sig(a)lists.fedoraproject.org,
tdawson(a)redhat.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2170243
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2170263
https://bugzilla.redhat.com/show_bug.cgi?id=2170259
Bug ID: 2170259
Summary: CVE-2023-25577 python-werkzeug: high resource usage
when parsing multipart form data with many fields
[fedora-all]
Product: Fedora
Version: 37
Status: NEW
Component: python-werkzeug
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: fzatlouk(a)redhat.com
Reporter: askrabec(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: aurelien(a)bompard.org, danielmyoung(a)gmail.com,
epel-packagers-sig(a)lists.fedoraproject.org,
fzatlouk(a)redhat.com, karlthered(a)gmail.com,
python-packagers-sig(a)lists.fedoraproject.org,
tdawson(a)redhat.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2170242
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2170259
https://bugzilla.redhat.com/show_bug.cgi?id=2163254
Bug ID: 2163254
Summary: CVE-2022-41717 golang-x-tools: golang: net/http: An
attacker can cause excessive memory growth in a Go
server accepting HTTP/2 requests [fedora-all]
Product: Fedora
Version: 37
Status: NEW
Component: golang-x-tools
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: zebob.m(a)gmail.com
Reporter: ahanwate(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
go-sig(a)lists.fedoraproject.org, zebob.m(a)gmail.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2161274
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2163254
https://bugzilla.redhat.com/show_bug.cgi?id=2241718
Bug ID: 2241718
Summary: python-jedi-0.19.1 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: python-jedi
Keywords: FutureFeature, Triaged
Assignee: lbalhar(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: carl(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
lbalhar(a)redhat.com, phracek(a)redhat.com,
python-packagers-sig(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
Releases retrieved: 0.19.1
Upstream release that is considered latest: 0.19.1
Current version/release in rawhide: 0.19.0-1.fc39
URL: https://pypi.python.org/pypi/jedi
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M…
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/3893/
To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/python-jedi
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2241718
Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…
https://bugzilla.redhat.com/show_bug.cgi?id=2257906
Bug ID: 2257906
Summary: python-nbconvert-7.14.1 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: python-nbconvert
Keywords: FutureFeature, Triaged
Assignee: lbalhar(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
jonathan(a)almalinux.org, lbalhar(a)redhat.com,
mhroncok(a)redhat.com,
python-packagers-sig(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
Releases retrieved: 7.14.1
Upstream release that is considered latest: 7.14.1
Current version/release in rawhide: 7.14.0-1.fc40
URL: https://jupyter.org/
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M…
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/10522/
To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/python-nbconvert
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2257906
Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…