April 2024 - Epel-packagers-sig - Fedora mailing-lists

[Bug 2126816] New: CVE-2021-40648 man2html: sys-apps/man2html: multiple vulnerabilities [fedora-all]
by bugzilla＠redhat.com 26 Feb '25

26 Feb '25

https://bugzilla.redhat.com/show_bug.cgi?id=2126816 Bug ID: 2126816 Summary: CVE-2021-40648 man2html: sys-apps/man2html: multiple vulnerabilities [fedora-all] Product: Fedora Version: 36 Status: NEW Component: man2html Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: sergio(a)serjux.com Reporter: ybuenos(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, orion(a)nwra.com, sergio(a)serjux.com, tchollingsworth(a)gmail.com, viktor.vix.jancik(a)gmail.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2126816

1 6

[Bug 2126815] New: CVE-2021-40648 man2html: sys-apps/man2html: multiple vulnerabilities [epel-all]
by bugzilla＠redhat.com 26 Feb '25

26 Feb '25

https://bugzilla.redhat.com/show_bug.cgi?id=2126815 Bug ID: 2126815 Summary: CVE-2021-40648 man2html: sys-apps/man2html: multiple vulnerabilities [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: man2html Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: sergio(a)serjux.com Reporter: ybuenos(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, orion(a)nwra.com, sergio(a)serjux.com, tchollingsworth(a)gmail.com, viktor.vix.jancik(a)gmail.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora EPEL. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2126815

1 3

[Bug 2097004] New: stalonetray-0.8.4 is available
by bugzilla＠redhat.com 13 Feb '25

13 Feb '25

https://bugzilla.redhat.com/show_bug.cgi?id=2097004 Bug ID: 2097004 Summary: stalonetray-0.8.4 is available Product: Fedora Version: rawhide Status: NEW Component: stalonetray Keywords: FutureFeature, Triaged Assignee: fedora(a)me.benboeckel.net Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, fedora(a)me.benboeckel.net Target Milestone: --- Classification: Fedora Releases retrieved: 0.8.4 Upstream release that is considered latest: 0.8.4 Current version/release in rawhide: 0.8.3-16.fc36 URL: https://github.com/kolbusa/stalonetray Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/5713/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/stalonetray -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2097004

1 4

[Bug 2264929] New: rb_libtorrent-2.0.10 is available
by bugzilla＠redhat.com 09 Feb '25

09 Feb '25

https://bugzilla.redhat.com/show_bug.cgi?id=2264929 Bug ID: 2264929 Summary: rb_libtorrent-2.0.10 is available Product: Fedora Version: rawhide Status: NEW Component: rb_libtorrent Keywords: FutureFeature, Triaged Assignee: mike(a)cchtml.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, me(a)fale.io, mike(a)cchtml.com Target Milestone: --- Classification: Fedora Releases retrieved: 2.0.10 Upstream release that is considered latest: 2.0.10 Current version/release in rawhide: 2.0.9-6.fc40 URL: http://libtorrent.org Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/4166/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/rb_libtorrent -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2264929 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 11

[Bug 2261327] New: libiodbc: FTBFS in Fedora rawhide/f40
by bugzilla＠redhat.com 24 Jan '25

24 Jan '25

https://bugzilla.redhat.com/show_bug.cgi?id=2261327 Bug ID: 2261327 Summary: libiodbc: FTBFS in Fedora rawhide/f40 Product: Fedora Version: rawhide Status: NEW Component: libiodbc Assignee: rdieter(a)gmail.com Reporter: releng(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, rdieter(a)gmail.com Blocks: 2231791 (F40FTBFS) Target Milestone: --- Classification: Fedora libiodbc failed to build from source in Fedora rawhide/f40 https://koji.fedoraproject.org/koji/taskinfo?taskID=112314667 For details on the mass rebuild see: https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild Please fix libiodbc at your earliest convenience and set the bug's status to ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks, libiodbc will be orphaned. Before branching of Fedora 41, libiodbc will be retired, if it still fails to build. For more details on the FTBFS policy, please visit: https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails… Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2231791 [Bug 2231791] Fedora 40 FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2261327 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 6

[Bug 2261897] New: python-setuptools-git-versioning-1.13.6 is available
by bugzilla＠redhat.com 22 Jan '25

22 Jan '25

https://bugzilla.redhat.com/show_bug.cgi?id=2261897 Bug ID: 2261897 Summary: python-setuptools-git-versioning-1.13.6 is available Product: Fedora Version: rawhide Status: NEW Component: python-setuptools-git-versioning Keywords: FutureFeature, Triaged Assignee: sanjay.ankur(a)gmail.com Reporter: upstream-release-monitoring(a)fedoraproject.org CC: code(a)musicinmybrain.net, epel-packagers-sig(a)lists.fedoraproject.org, neuro-sig(a)lists.fedoraproject.org, sanjay.ankur(a)gmail.com Target Milestone: --- Classification: Fedora Releases retrieved: 1.13.6 Upstream release that is considered latest: 1.13.6 Current version/release in rawhide: 1.13.5-4.fc40 URL: https://pypi.org/project/setuptools-git-versioning/1.1.2 Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/119596/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/python-setuptools-git-versioning -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2261897 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 13

[Bug 2219490] New: python-wsgi_intercept-1.12.1 is available
by bugzilla＠redhat.com 14 Jan '25

14 Jan '25

https://bugzilla.redhat.com/show_bug.cgi?id=2219490 Bug ID: 2219490 Summary: python-wsgi_intercept-1.12.1 is available Product: Fedora Version: rawhide Status: NEW Component: python-wsgi_intercept Keywords: FutureFeature, Triaged Assignee: chkumar(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: apevec(a)redhat.com, chkumar(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, openstack-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora Releases retrieved: 1.12.1 Upstream release that is considered latest: 1.12.1 Current version/release in rawhide: 1.12.0-1.fc39 URL: https://github.com/cdent/wsgi-intercept Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/7512/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/python-wsgi_intercept -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2219490 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 13

[Bug 2275416] New: golang-x-vuln-1.1.0 is available
by bugzilla＠redhat.com 13 Jan '25

13 Jan '25

https://bugzilla.redhat.com/show_bug.cgi?id=2275416 Bug ID: 2275416 Summary: golang-x-vuln-1.1.0 is available Product: Fedora Version: rawhide Status: NEW Component: golang-x-vuln Keywords: FutureFeature, Triaged Assignee: asm(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org CC: asm(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, go-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora Releases retrieved: 1.1.0 Upstream release that is considered latest: 1.1.0 Current version/release in rawhide: 0-0.4.20230221git6ad3e3d.fc39 URL: https://github.com/golang/vuln Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/368700/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/golang-x-vuln -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2275416 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 14

[Bug 2069364] New: CVE-2021-43085 openssl: Insecure permissions vulnerability due to an error in the implementation of the CMAC_Final() function
by bugzilla＠redhat.com 09 Jan '25

09 Jan '25

https://bugzilla.redhat.com/show_bug.cgi?id=2069364 Bug ID: 2069364 Summary: CVE-2021-43085 openssl: Insecure permissions vulnerability due to an error in the implementation of the CMAC_Final() function Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: psampaio(a)redhat.com CC: aos-bugs(a)redhat.com, asoldano(a)redhat.com, bbaranow(a)redhat.com, bdettelb(a)redhat.com, berrange(a)redhat.com, bmaxwell(a)redhat.com, bootloader-eng-team(a)redhat.com, brian.stansberry(a)redhat.com, caswilli(a)redhat.com, cdewolf(a)redhat.com, cfergeau(a)redhat.com, chazlett(a)redhat.com, crobinso(a)redhat.com, crypto-team(a)lists.fedoraproject.org, csutherl(a)redhat.com, darran.lofthouse(a)redhat.com, dbelyavs(a)redhat.com, dhalasz(a)redhat.com, dkreling(a)redhat.com, dkuc(a)redhat.com, dosoudil(a)redhat.com, dueno(a)redhat.com, elima(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, erik-fedora(a)vanpienbroek.nl, f4bug(a)amsat.org, fjansen(a)redhat.com, fjuma(a)redhat.com, fmartine(a)redhat.com, gparvin(a)redhat.com, gzaronik(a)redhat.com, iweiss(a)redhat.com, jburrell(a)redhat.com, jclere(a)redhat.com, jkoehler(a)redhat.com, jochrist(a)redhat.com, jramanat(a)redhat.com, jwong(a)redhat.com, jwon(a)redhat.com, kaycoth(a)redhat.com, krathod(a)redhat.com, kraxel(a)redhat.com, ktietz(a)redhat.com, lgao(a)redhat.com, marcandre.lureau(a)redhat.com, michal.skrivanek(a)redhat.com, michel(a)michel-slm.name, micjohns(a)redhat.com, mjg59(a)srcf.ucam.org, mosmerov(a)redhat.com, mperina(a)redhat.com, msochure(a)redhat.com, mspacek(a)redhat.com, msvehla(a)redhat.com, mturk(a)redhat.com, njean(a)redhat.com, nobody(a)redhat.com, nwallace(a)redhat.com, pahickey(a)redhat.com, pbonzini(a)redhat.com, pjindal(a)redhat.com, pjones(a)redhat.com, pmackay(a)redhat.com, redhat-bugzilla(a)linuxnetz.de, rfreiman(a)redhat.com, rharwood(a)redhat.com, rh-spice-bugs(a)redhat.com, rjones(a)redhat.com, rstancel(a)redhat.com, rsvoboda(a)redhat.com, sahana(a)redhat.com, sbonazzo(a)redhat.com, smaestri(a)redhat.com, stcannon(a)redhat.com, sthirugn(a)redhat.com, szappis(a)redhat.com, tmeszaro(a)redhat.com, tm(a)t8m.info, tom.jenkinson(a)redhat.com, virt-maint(a)lists.fedoraproject.org, virt-maint(a)redhat.com, vkrizan(a)redhat.com, vkumar(a)redhat.com, vmugicag(a)redhat.com Target Milestone: --- Classification: Other An Insecure Permissions vulnerability exists in the OpenSSL Project 3.0 due to an error in the implementation of the CMAC_Final() function. Upstream issue: https://github.com/openssl/openssl/issues/16873 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2069364

1 4

[Bug 2246791] New: python-constantly-23.10.4 is available
by bugzilla＠redhat.com 04 Jan '25

04 Jan '25

https://bugzilla.redhat.com/show_bug.cgi?id=2246791 Bug ID: 2246791 Summary: python-constantly-23.10.4 is available Product: Fedora Version: rawhide Status: NEW Component: python-constantly Keywords: FutureFeature, Triaged Assignee: jonathan(a)almalinux.org Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, jonathan(a)almalinux.org, python-packagers-sig(a)lists.fedoraproject.org, zebob.m(a)gmail.com Target Milestone: --- Classification: Fedora Releases retrieved: 23.10.4 Upstream release that is considered latest: 23.10.4 Current version/release in rawhide: 15.1.0-28.fc39 URL: https://github.com/twisted/constantly Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/19031/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/python-constantly -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2246791 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 8

2026

2025

2024

2023

2022

2021

Epel-packagers-sig April 2024