April 2024 - Epel-packagers-sig - Fedora mailing-lists

[Bug 2268272] New: TRIAGE CVE-2024-2236 mingw-libgcrypt: libgcrypt: timing based side-channel in RSA implementation [fedora-all]
by bugzilla＠redhat.com 11 Mar '25

11 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2268272 Bug ID: 2268272 Summary: TRIAGE CVE-2024-2236 mingw-libgcrypt: libgcrypt: timing based side-channel in RSA implementation [fedora-all] Product: Fedora Version: 39 Status: NEW Component: mingw-libgcrypt Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: rgatica(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: cfergeau(a)redhat.com, elima(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, marcandre.lureau(a)redhat.com, rjones(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2268268 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2268272 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 13

[Bug 2267266] New: TRIAGE CVE-2024-27285 rubygem-asciidoctor: yard: Cross-site scripting in the frams.erb template file [epel-all]
by bugzilla＠redhat.com 11 Mar '25

11 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2267266 Bug ID: 2267266 Summary: TRIAGE CVE-2024-27285 rubygem-asciidoctor: yard: Cross-site scripting in the frams.erb template file [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: rubygem-asciidoctor Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: dan.j.allen(a)gmail.com Reporter: psampaio(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dan.j.allen(a)gmail.com, epel-packagers-sig(a)lists.fedoraproject.org, logans(a)cottsay.net, mjg(a)fedoraproject.org Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2267244 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2267266 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 4

[Bug 2255041] New: CVE-2023-48795 dropbear: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [epel-all]
by bugzilla＠redhat.com 11 Mar '25

11 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2255041 Bug ID: 2255041 Summary: CVE-2023-48795 dropbear: ssh: Prefix truncation attack on Binary Packet Protocol (BPP) [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: dropbear Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: fede(a)evolware.org Reporter: saroy(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: buytenh(a)wantstofly.org, epel-packagers-sig(a)lists.fedoraproject.org, fede(a)evolware.org, i(a)cicku.me Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2254210 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2255041 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 4

[Bug 2265770] New: python-tosca-parser-2.10.0 is available
by bugzilla＠redhat.com 07 Mar '25

07 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2265770 Bug ID: 2265770 Summary: python-tosca-parser-2.10.0 is available Product: Fedora Version: rawhide Status: NEW Component: python-tosca-parser Keywords: FutureFeature, Triaged Assignee: chkumar(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: chkumar(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, jakub.ruzicka(a)nic.cz, jpena(a)redhat.com, openstack-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora Releases retrieved: 2.10.0 Upstream release that is considered latest: 2.10.0 Current version/release in rawhide: 2.9.1-3.fc40 URL: https://github.com/openstack/tosca-parser Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/7439/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/python-tosca-parser -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2265770 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 19

[Bug 2274021] New: TRIAGE CVE-2024-2511 openssl3: openssl: Unbounded memory growth with session handling in TLSv1.3 [epel-all]
by bugzilla＠redhat.com 02 Mar '25

02 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2274021 Bug ID: 2274021 Summary: TRIAGE CVE-2024-2511 openssl3: openssl: Unbounded memory growth with session handling in TLSv1.3 [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: michel(a)michel-slm.name Reporter: mbenatto(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2274020 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2274021 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 5

[Bug 2259950] New: TRIAGE CVE-2024-0727 openssl3: openssl: denial of service via null dereference [epel-all]
by bugzilla＠redhat.com 02 Mar '25

02 Mar '25

https://bugzilla.redhat.com/show_bug.cgi?id=2259950 Bug ID: 2259950 Summary: TRIAGE CVE-2024-0727 openssl3: openssl: denial of service via null dereference [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: michel(a)michel-slm.name Reporter: rgatica(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2259944 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2259950 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 5

[Bug 2126075] New: CVE-2021-40648 sys-apps/man2html: multiple vulnerabilities
by bugzilla＠redhat.com 26 Feb '25

26 Feb '25

https://bugzilla.redhat.com/show_bug.cgi?id=2126075 Bug ID: 2126075 Summary: CVE-2021-40648 sys-apps/man2html: multiple vulnerabilities Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: ybuenos(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, orion(a)nwra.com, sergio(a)serjux.com, tchollingsworth(a)gmail.com, viktor.vix.jancik(a)gmail.com Target Milestone: --- Classification: Other CVE-2021-40648: In man2html 1.6g, a filename can be created to overwrite the previous size parameter of the next chunk and the fd, bk, fd_nextsize, bk_nextsize of the current chunk. The next chunk is then freed later on, causing a freeing of an arbitrary amount of memory. https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2126075

1 8

[Bug 2126816] New: CVE-2021-40648 man2html: sys-apps/man2html: multiple vulnerabilities [fedora-all]
by bugzilla＠redhat.com 26 Feb '25

26 Feb '25

https://bugzilla.redhat.com/show_bug.cgi?id=2126816 Bug ID: 2126816 Summary: CVE-2021-40648 man2html: sys-apps/man2html: multiple vulnerabilities [fedora-all] Product: Fedora Version: 36 Status: NEW Component: man2html Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: sergio(a)serjux.com Reporter: ybuenos(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, orion(a)nwra.com, sergio(a)serjux.com, tchollingsworth(a)gmail.com, viktor.vix.jancik(a)gmail.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2126816

1 6

[Bug 2126815] New: CVE-2021-40648 man2html: sys-apps/man2html: multiple vulnerabilities [epel-all]
by bugzilla＠redhat.com 26 Feb '25

26 Feb '25

https://bugzilla.redhat.com/show_bug.cgi?id=2126815 Bug ID: 2126815 Summary: CVE-2021-40648 man2html: sys-apps/man2html: multiple vulnerabilities [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: man2html Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: sergio(a)serjux.com Reporter: ybuenos(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, orion(a)nwra.com, sergio(a)serjux.com, tchollingsworth(a)gmail.com, viktor.vix.jancik(a)gmail.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora EPEL. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2126815

1 3

[Bug 2097004] New: stalonetray-0.8.4 is available
by bugzilla＠redhat.com 13 Feb '25

13 Feb '25

https://bugzilla.redhat.com/show_bug.cgi?id=2097004 Bug ID: 2097004 Summary: stalonetray-0.8.4 is available Product: Fedora Version: rawhide Status: NEW Component: stalonetray Keywords: FutureFeature, Triaged Assignee: fedora(a)me.benboeckel.net Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, fedora(a)me.benboeckel.net Target Milestone: --- Classification: Fedora Releases retrieved: 0.8.4 Upstream release that is considered latest: 0.8.4 Current version/release in rawhide: 0.8.3-16.fc36 URL: https://github.com/kolbusa/stalonetray Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/5713/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/stalonetray -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2097004

1 4

2025

2024

2023

2022

2021

Epel-packagers-sig April 2024