March 2024 - Epel-packagers-sig - Fedora Mailing-Lists

[Bug 2219382] New: TRIAGE-CVE-2023-36053 python-django3: python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2219382 Bug ID: 2219382 Summary: TRIAGE-CVE-2023-36053 python-django3: python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator [fedora-all] Product: Fedora Version: 38 Status: NEW Component: python-django3 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: michel(a)michel-slm.name Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2218004 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2219382 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

1 month, 2 weeks

1
5
0 / 0

[Bug 2267653] New: CVE-2024-27351 python-django3: python-django: Potential regular expression denial-of-service in django.utils.text.Truncator.words() [epel-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2267653 Bug ID: 2267653 Summary: CVE-2024-27351 python-django3: python-django: Potential regular expression denial-of-service in django.utils.text.Truncator.words() [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: python-django3 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: michel(a)michel-slm.name Reporter: btarraso(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2266045 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2267653 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

1 month, 2 weeks

1
6
0 / 0

[Bug 2237869] New: CVE-2023-41164 python-django3: python-django: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()`` [epel-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2237869 Bug ID: 2237869 Summary: CVE-2023-41164 python-django3: python-django: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()`` [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: python-django3 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: michel(a)michel-slm.name Reporter: ybuenos(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2237258 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2237869 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

1 month, 2 weeks

1
6
0 / 0

[Bug 2261557] New: python-eventlet: FTBFS in Fedora rawhide/f40

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2261557 Bug ID: 2261557 Summary: python-eventlet: FTBFS in Fedora rawhide/f40 Product: Fedora Version: rawhide Status: NEW Component: python-eventlet Assignee: kevin(a)scrye.com Reporter: releng(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: apevec(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, igor.raits(a)gmail.com, kevin(a)scrye.com, python-packagers-sig(a)lists.fedoraproject.org Blocks: 2231791 (F40FTBFS) Target Milestone: --- Classification: Fedora python-eventlet failed to build from source in Fedora rawhide/f40 https://koji.fedoraproject.org/koji/taskinfo?taskID=112384994 For details on the mass rebuild see: https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild Please fix python-eventlet at your earliest convenience and set the bug's status to ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks, python-eventlet will be orphaned. Before branching of Fedora 41, python-eventlet will be retired, if it still fails to build. For more details on the FTBFS policy, please visit: https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fai... Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2231791 [Bug 2231791] Fedora 40 FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2261557 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

1 month, 2 weeks

1
7
0 / 0

[Bug 2267720] New: CVE-2024-2002 libdwarf: crashes randomly on fuzzed object [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2267720 Bug ID: 2267720 Summary: CVE-2024-2002 libdwarf: crashes randomly on fuzzed object [fedora-all] Product: Fedora Version: 39 Status: NEW Component: libdwarf Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: tom(a)compton.nu Reporter: ybuenos(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name, orion(a)nwra.com, tom(a)compton.nu Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2267700 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2267720 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

1 month, 2 weeks

1
5
0 / 0

[Bug 2262864] New: F40FailsToInstall: python3-vdirsyncer

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2262864 Bug ID: 2262864 Summary: F40FailsToInstall: python3-vdirsyncer Product: Fedora Version: rawhide Status: NEW Component: vdirsyncer Assignee: astra(a)ionic.at Reporter: fti-bugs(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: astra(a)ionic.at, epel-packagers-sig(a)lists.fedoraproject.org, fedora(a)me.benboeckel.net, michele(a)acksyn.org, michel(a)michel-slm.name Blocks: 2231790 (F40FailsToInstall) Target Milestone: --- Classification: Fedora Hello, Please note that this comment was generated automatically by https://pagure.io/releng/blob/main/f/scripts/ftbfs-fti/follow-policy.py If you feel that this output has mistakes, please open an issue at https://pagure.io/releng/ Your package (vdirsyncer) Fails To Install in Fedora 40: can't install python3-vdirsyncer: - nothing provides (python3.12dist(aiostream) < 0.5~~ with python3.12dist(aiostream) >= 0.4.3) needed by python3-vdirsyncer-0.19.2-1.fc40.noarch If you know about this problem and are planning on fixing it, please acknowledge so by setting the bug status to ASSIGNED. If you don't have time to maintain this package, consider orphaning it, so maintainers of dependent packages realize the problem. If you don't react accordingly to the policy for FTBFS/FTI bugs (https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fai...), your package may be orphaned in 8+ weeks. P.S. The data was generated solely from koji buildroot, so it might be newer than the latest compose or the content on mirrors. To reproduce, use the koji/local repo only, e.g. in mock: $ mock -r fedora-40-x86_64 --config-opts mirrored=False install python3-vdirsyncer P.P.S. If this bug has been reported in the middle of upgrading multiple dependent packages, please consider using side tags: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/#updating-inter... Thanks! Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2231790 [Bug 2231790] Fedora 40 Fails To install Tracker -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2262864 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

1 month, 2 weeks

1
5
0 / 0

[Bug 2269074] New: python-shortuuid-1.0.13 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2269074 Bug ID: 2269074 Summary: python-shortuuid-1.0.13 is available Product: Fedora Version: rawhide Status: NEW Component: python-shortuuid Keywords: FutureFeature, Triaged Assignee: michel(a)michel-slm.name Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, infra-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name, ngompa13(a)gmail.com, python-packagers-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora Releases retrieved: 1.0.13 Upstream release that is considered latest: 1.0.13 Current version/release in rawhide: 1.0.12-2.fc41 URL: https://github.com/stochastic-technologies/shortuuid/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release... Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/12823/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/python-shortuuid -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2269074 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

1 month, 2 weeks

1
16
0 / 0

[Bug 2249227] New: spdlog headers are broken

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2249227 Bug ID: 2249227 Summary: spdlog headers are broken Product: Fedora Version: 38 Status: NEW Component: spdlog Assignee: vitaly(a)easycoding.org Reporter: susi.lehtola(a)iki.fi QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, logans(a)cottsay.net, thunderbirdtr(a)fedoraproject.org, vitaly(a)easycoding.org Target Milestone: --- Classification: Fedora Description of problem: spdlog header files are broken. The failure can be triggered by trying to compile the test program hello.cpp: #include <spdlog/spdlog.h> int main(void) { std::cout << "Hello world!\n"; return 0; } $ g++ hello.cpp In file included from /usr/include/spdlog/common.h:45, from /usr/include/spdlog/spdlog.h:12, from hello.cpp:1: /usr/include/spdlog/fmt/fmt.h:27:14: fatal error: spdlog/fmt/bundled/core.h: No such file or directory 27 | # include <spdlog/fmt/bundled/core.h> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ compilation terminated. Version-Release number of selected component (if applicable): $ rpm -q spdlog spdlog-1.11.0-5.fc38.x86_64 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2249227 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

1 month, 2 weeks

1
4
0 / 0

[Bug 2264580] New: python-rasterio-1.4a1 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2264580 Bug ID: 2264580 Summary: python-rasterio-1.4a1 is available Product: Fedora Version: rawhide Status: NEW Component: python-rasterio Keywords: FutureFeature, Triaged Assignee: quantum.analyst(a)gmail.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, jonathan(a)almalinux.org, python-packagers-sig(a)lists.fedoraproject.org, quantum.analyst(a)gmail.com Target Milestone: --- Classification: Fedora Releases retrieved: 1.4a1 Upstream release that is considered latest: 1.4a1 Current version/release in rawhide: 1.3.9-4.fc40 URL: https://github.com/mapbox/rasterio Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release... Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/17437/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/python-rasterio -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2264580 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

1 month, 2 weeks

1
2
0 / 0

[Bug 2260992] New: asio: FTBFS in Fedora rawhide/f40

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2260992 Bug ID: 2260992 Summary: asio: FTBFS in Fedora rawhide/f40 Product: Fedora Version: rawhide Status: NEW Component: asio Assignee: belegdol(a)gmail.com Reporter: releng(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: belegdol(a)gmail.com, davide(a)cavalca.name, epel-packagers-sig(a)lists.fedoraproject.org, me(a)fale.io, uwog(a)uwog.net Blocks: 2231791 (F40FTBFS) Target Milestone: --- Classification: Fedora asio failed to build from source in Fedora rawhide/f40 https://koji.fedoraproject.org/koji/taskinfo?taskID=112194840 For details on the mass rebuild see: https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild Please fix asio at your earliest convenience and set the bug's status to ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks, asio will be orphaned. Before branching of Fedora 41, asio will be retired, if it still fails to build. For more details on the FTBFS policy, please visit: https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fai... Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2231791 [Bug 2231791] Fedora 40 FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2260992 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

1 month, 3 weeks

1
5
0 / 0

2024

2023

2022

2021

Epel-packagers-sig March 2024