April 2024 - Epel-packagers-sig - Fedora mailing-lists

[Bug 2267655] New: CVE-2024-27351 python-django3: python-django: Potential regular expression denial-of-service in django.utils.text.Truncator.words() [fedora-all]
by bugzilla＠redhat.com 19 Apr '24

19 Apr '24

https://bugzilla.redhat.com/show_bug.cgi?id=2267655 Bug ID: 2267655 Summary: CVE-2024-27351 python-django3: python-django: Potential regular expression denial-of-service in django.utils.text.Truncator.words() [fedora-all] Product: Fedora Version: 39 Status: NEW Component: python-django3 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: michel(a)michel-slm.name Reporter: btarraso(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2266045 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2267655 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 6

[Bug 2263506] New: CVE-2024-24680 python-django3: Django: denial-of-service in ``intcomma`` template filter [fedora-all]
by bugzilla＠redhat.com 19 Apr '24

19 Apr '24

https://bugzilla.redhat.com/show_bug.cgi?id=2263506 Bug ID: 2263506 Summary: CVE-2024-24680 python-django3: Django: denial-of-service in ``intcomma`` template filter [fedora-all] Product: Fedora Version: 39 Status: NEW Component: python-django3 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: michel(a)michel-slm.name Reporter: btarraso(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2261856 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2263506 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 5

[Bug 2242181] New: CVE-2023-43665 python-django3: python-django: Denial-of-service possibility in django.utils.text.Truncator [fedora-all]
by bugzilla＠redhat.com 19 Apr '24

19 Apr '24

https://bugzilla.redhat.com/show_bug.cgi?id=2242181 Bug ID: 2242181 Summary: CVE-2023-43665 python-django3: python-django: Denial-of-service possibility in django.utils.text.Truncator [fedora-all] Product: Fedora Version: 38 Status: NEW Component: python-django3 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: michel(a)michel-slm.name Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2241046 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2242181 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 5

[Bug 2237871] New: CVE-2023-41164 python-django3: python-django: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()`` [fedora-all]
by bugzilla＠redhat.com 19 Apr '24

19 Apr '24

https://bugzilla.redhat.com/show_bug.cgi?id=2237871 Bug ID: 2237871 Summary: CVE-2023-41164 python-django3: python-django: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()`` [fedora-all] Product: Fedora Version: 38 Status: NEW Component: python-django3 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: michel(a)michel-slm.name Reporter: ybuenos(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2237258 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2237871 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 6

[Bug 2219382] New: TRIAGE-CVE-2023-36053 python-django3: python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator [fedora-all]
by bugzilla＠redhat.com 19 Apr '24

19 Apr '24

https://bugzilla.redhat.com/show_bug.cgi?id=2219382 Bug ID: 2219382 Summary: TRIAGE-CVE-2023-36053 python-django3: python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator [fedora-all] Product: Fedora Version: 38 Status: NEW Component: python-django3 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: michel(a)michel-slm.name Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2218004 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2219382 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 5

[Bug 2267653] New: CVE-2024-27351 python-django3: python-django: Potential regular expression denial-of-service in django.utils.text.Truncator.words() [epel-all]
by bugzilla＠redhat.com 19 Apr '24

19 Apr '24

https://bugzilla.redhat.com/show_bug.cgi?id=2267653 Bug ID: 2267653 Summary: CVE-2024-27351 python-django3: python-django: Potential regular expression denial-of-service in django.utils.text.Truncator.words() [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: python-django3 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: michel(a)michel-slm.name Reporter: btarraso(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2266045 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2267653 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 6

[Bug 2237869] New: CVE-2023-41164 python-django3: python-django: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()`` [epel-all]
by bugzilla＠redhat.com 19 Apr '24

19 Apr '24

https://bugzilla.redhat.com/show_bug.cgi?id=2237869 Bug ID: 2237869 Summary: CVE-2023-41164 python-django3: python-django: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()`` [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: python-django3 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: michel(a)michel-slm.name Reporter: ybuenos(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2237258 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2237869 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 6

[Bug 2261557] New: python-eventlet: FTBFS in Fedora rawhide/f40
by bugzilla＠redhat.com 19 Apr '24

19 Apr '24

https://bugzilla.redhat.com/show_bug.cgi?id=2261557 Bug ID: 2261557 Summary: python-eventlet: FTBFS in Fedora rawhide/f40 Product: Fedora Version: rawhide Status: NEW Component: python-eventlet Assignee: kevin(a)scrye.com Reporter: releng(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: apevec(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, igor.raits(a)gmail.com, kevin(a)scrye.com, python-packagers-sig(a)lists.fedoraproject.org Blocks: 2231791 (F40FTBFS) Target Milestone: --- Classification: Fedora python-eventlet failed to build from source in Fedora rawhide/f40 https://koji.fedoraproject.org/koji/taskinfo?taskID=112384994 For details on the mass rebuild see: https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild Please fix python-eventlet at your earliest convenience and set the bug's status to ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks, python-eventlet will be orphaned. Before branching of Fedora 41, python-eventlet will be retired, if it still fails to build. For more details on the FTBFS policy, please visit: https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails… Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2231791 [Bug 2231791] Fedora 40 FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2261557 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 7

[Bug 2273617] New: pl-9.2.3 is available
by bugzilla＠redhat.com 19 Apr '24

19 Apr '24

https://bugzilla.redhat.com/show_bug.cgi?id=2273617 Bug ID: 2273617 Summary: pl-9.2.3 is available Product: Fedora Version: rawhide Status: NEW Component: pl Keywords: FutureFeature, Triaged Assignee: loganjerry(a)gmail.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: bagnara(a)cs.unipr.it, epel-packagers-sig(a)lists.fedoraproject.org, loganjerry(a)gmail.com, pampelmuse(a)gmx.at Target Milestone: --- Classification: Fedora Releases retrieved: 9.2.3 Upstream release that is considered latest: 9.2.3 Current version/release in rawhide: 9.2.2-1.fc41 URL: http://www.swi-prolog.org/download/stable Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/3653/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/pl -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2273617 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 3

[Bug 2273293] New: python-matplotlib-3.8.4 is available
by bugzilla＠redhat.com 19 Apr '24

19 Apr '24

https://bugzilla.redhat.com/show_bug.cgi?id=2273293 Bug ID: 2273293 Summary: python-matplotlib-3.8.4 is available Product: Fedora Version: rawhide Status: NEW Component: python-matplotlib Keywords: FutureFeature, Triaged Assignee: quantum.analyst(a)gmail.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, gwync(a)protonmail.com, paulo.cesar.pereira.de.andrade(a)gmail.com, python-packagers-sig(a)lists.fedoraproject.org, quantum.analyst(a)gmail.com, tomspur(a)fedoraproject.org Target Milestone: --- Classification: Fedora Releases retrieved: 3.8.4 Upstream release that is considered latest: 3.8.4 Current version/release in rawhide: 3.8.3-1.fc41 URL: https://matplotlib.org Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/3919/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/python-matplotlib -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2273293 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 6

2025

2024

2023

2022

2021

Epel-packagers-sig April 2024