https://bugzilla.redhat.com/show_bug.cgi?id=2276800
Bug ID: 2276800
Summary: CVE-2024-32875 hugo: title arguments in Markdown for links and images not escaped in internal render hooks [fedora-all]
Product: Fedora
Version: 40
Status: NEW
Component: hugo
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: athoscribeiro(a)gmail.com
Reporter: rkeshri(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: athoscribeiro(a)gmail.com, epel-packagers-sig(a)lists.fedoraproject.org, go-sig(a)lists.fedoraproject.org, neil(a)shrug.pw, quantum.analyst(a)gmail.com, redhat(a)flyn.org
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2276799
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2276800
Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…
https://bugzilla.redhat.com/show_bug.cgi?id=2270130
Bug ID: 2270130
Summary: Tests fail with pytest-asyncio 0.23.5.post1
Product: Fedora
Version: rawhide
OS: Linux
Status: NEW
Component: python-autobahn
Severity: medium
Assignee: jujens(a)jujens.eu
Reporter: gui1ty(a)penguinpee.nl
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org, jujens(a)jujens.eu, mail(a)fabian-affolter.ch
Target Milestone: ---
Classification: Fedora
I'd like to get `pytest-asyncio` updated to 0.23.5.post1. The smoke test[1]
showed tests in `autobahn` failing using the updated package.
I also briefly tried switching to twisted for testing, but that also failed and
I didn't pursue that further.
[1] https://src.fedoraproject.org/rpms/python-pytest-asyncio/pull-request/6#com…
Reproducible: Always
Steps to Reproduce:
1. Build in a repo with updated `pytest-asyncio`[2]
Actual Results:
Tests are failing with "RuntimeError: Event loop is closed"
Expected Results:
Tests succeed as before
[2] e.g.: https://copr.fedorainfracloud.org/coprs/gui1ty/Spyder5/build/7177716/
That's for F39 for unrelated reasons. But the same happens in rawhide (see
Lumír's Copr).
https://bugzilla.redhat.com/show_bug.cgi?id=2276553
Bug ID: 2276553
Summary: Clicking in Hamburger menu causes calendar to scroll up
Product: Fedora
Version: 39
Hardware: x86_64
OS: Linux
Status: NEW
Component: gnome-calendar
Severity: medium
Assignee: gnome-sig(a)lists.fedoraproject.org
Reporter: steve8988(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org, gnome-sig(a)lists.fedoraproject.org, igor.raits(a)gmail.com, klember(a)redhat.com
Target Milestone: ---
Classification: Fedora
In the GNOME calendar app, when clicking on the hamburger menu on the left or
scrolling through the menu items (using either mouse or keyboard), each click
or scroll causes the calendar to scroll up.
Reproducible: Always
Steps to Reproduce:
1. Open calendar app in GNOME
2. Click on the hamburger menu in left panel and randomly scroll through each
menu item
3. Watch calendar scroll up on its own
Actual Results:
The calendar scrolls up on its own each time a menu item is selected (via mouse
or keyboard)
Expected Results:
Unless this is a feature, it shouldn't scroll the calendar up when selecting
something from the menu.
https://bugzilla.redhat.com/show_bug.cgi?id=2273566
Bug ID: 2273566
Summary: python-atpublic fails to build with pytest 8: TypeError: FixtureManager.getfixtureclosure() missing 1 required positional argument: 'ignore_args'
Product: Fedora
Version: rawhide
Status: NEW
Component: python-atpublic
Assignee: aurelien(a)bompard.org
Reporter: thrnciar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: aurelien(a)bompard.org, epel-packagers-sig(a)lists.fedoraproject.org, jonathan(a)almalinux.org, mhroncok(a)redhat.com, thrnciar(a)redhat.com
Blocks: 2256331
Target Milestone: ---
Link ID: Gitlab warsaw/public/-/issues/20
Classification: Fedora
python-atpublic fails to build with pytest 8.
==================================== ERRORS ====================================
_______________________ ERROR collecting docs/using.rst ________________________
/usr/lib/python3.12/site-packages/sybil/integration/pytest.py:49: in __init__
self.request_fixtures(sybil.fixtures)
/usr/lib/python3.12/site-packages/sybil/integration/pytest.py:54: in request_fixtures
closure = fm.getfixtureclosure(names, self)
E TypeError: FixtureManager.getfixtureclosure() missing 1 required positional argument: 'ignore_args'
During handling of the above exception, another exception occurred:
/usr/lib/python3.12/site-packages/sybil/integration/pytest.py:118: in collect
yield SybilItem.from_parent(self, sybil=self.sybil, example=example)
/usr/lib/python3.12/site-packages/_pytest/nodes.py:237: in from_parent
return cls._create(parent=parent, **kw)
/usr/lib/python3.12/site-packages/_pytest/nodes.py:129: in _create
return super().__call__(*k, **known_kw) # type: ignore[no-any-return,misc]
/usr/lib/python3.12/site-packages/sybil/integration/pytest.py:49: in __init__
self.request_fixtures(sybil.fixtures)
/usr/lib/python3.12/site-packages/sybil/integration/pytest.py:54: in request_fixtures
closure = fm.getfixtureclosure(names, self)
E TypeError: FixtureManager.getfixtureclosure() missing 1 required positional argument: 'ignore_args'
=============================== warnings summary ===============================
../../../../usr/lib/python3.12/site-packages/sybil/document.py:3
/usr/lib/python3.12/site-packages/sybil/document.py:3: DeprecationWarning: ast.Str is deprecated and will be removed in Python 3.14; use ast.Constant instead
from ast import AsyncFunctionDef, FunctionDef, ClassDef, Module, Expr, Str, Constant
../../../../usr/lib/python3.12/site-packages/_pytest/nodes.py:120
/usr/lib/python3.12/site-packages/_pytest/nodes.py:120: PytestDeprecationWarning: <class 'sybil.integration.pytest.SybilItem'> is not using a cooperative constructor and only takes {'sybil', 'example', 'parent'}.
See https://docs.pytest.org/en/stable/deprecations.html#constructors-of-custom-…
for more details.
warnings.warn(
-- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html
=========================== short test summary info ============================
ERROR docs/using.rst - TypeError: FixtureManager.getfixtureclosure() missing ...
!!!!!!!!!!!!!!!!!!!! Interrupted: 1 error during collection !!!!!!!!!!!!!!!!!!!!
========================= 2 warnings, 1 error in 0.07s =========================
I'm getting the same error also with the latest released version 4.1.0.
https://docs.pytest.org/en/stable/changelog.html
For the build logs, see:
https://copr-be.cloud.fedoraproject.org/results/thrnciar/pytest/fedora-rawh…
For all our attempts to build python-atpublic with pytest 8, see:
https://copr.fedorainfracloud.org/coprs/thrnciar/pytest/package/python-atpu…
Let us know here if you have any questions.
Pytest 8 is planned to be included in Fedora 41. And this bugzilla is a
heads up before we merge new pytest into rawhide. For more info see a Fedora
Change proposal https://fedoraproject.org/wiki/Changes/Pytest_8
We'd appreciate help from the people who know this package best,
but if you don't want to work on this now, let us know so we can try to work
around it on our side.
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2256331
[Bug 2256331] pytest-8.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2267655
Bug ID: 2267655
Summary: CVE-2024-27351 python-django3: python-django: Potential regular expression denial-of-service in django.utils.text.Truncator.words() [fedora-all]
Product: Fedora
Version: 39
Status: NEW
Component: python-django3
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: michel(a)michel-slm.name
Reporter: btarraso(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2266045
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
https://bugzilla.redhat.com/show_bug.cgi?id=2263506
Bug ID: 2263506
Summary: CVE-2024-24680 python-django3: Django: denial-of-service in ``intcomma`` template filter [fedora-all]
Product: Fedora
Version: 39
Status: NEW
Component: python-django3
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: michel(a)michel-slm.name
Reporter: btarraso(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2261856
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.