stable

3mux-1.1.0-5.fc35, act-1.6.0-6.fc35, & 313 more

FEDORA-2022-3969b64d4b created by gotmax23 a year ago for Fedora 35

Rebuild for CVE-2022-{24675,28327,29526} in golang and other go ecosystem CVEs


This contains the result from the mass rebuild in F35 for all packages that require golang and provide binaries to mitigate the following CVEs:

golang itself:

  • CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
  • CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar
  • CVE-2022-29526 golang: syscall: faccessat checks wrong group (There are some Go CVEs that are a little bit older that will also be mitigated by the rebuild for packages that haven't been updated recently)

CVEs in other golang libraries that affect a subset of Go packages:

  • CVE-2022-21698 golang-github-prometheus-client: prometheus/client_golang: Denial of service using InstrumentHandlerCounter
  • CVE-2022-1996 go-restful: Authorization Bypass Through User-Controlled Key

Initial import for golang-github-a8m-envsubst Resolves: #2074406


Initial package

Resolves: #2074438


Update to v3.14.0 (close #2105612)


Fix merge


Update to 1.22.1 - Close: #2077577

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2022-3969b64d4b

This update's test gating status has been changed to 'waiting'.

a year ago

This update has obsoleted golang-github-a8m-envsubst-1.3.0-1.fc35, and has inherited its bugs and notes.

a year ago

This update has obsoleted golang-github-goccy-yaml-1.9.5-1.fc35, and has inherited its bugs and notes.

a year ago

This update has obsoleted golang-github-task-3.14.0-1.fc35, and has inherited its bugs and notes.

a year ago

This update has obsoleted kiln-0.3.1-2.fc35, and has inherited its bugs and notes.

a year ago

This update has obsoleted powerline-go-1.22.1-1.fc35, and has inherited its bugs and notes.

a year ago

gotmax23 edited this update.

a year ago

This update has been submitted for testing by bodhi.

a year ago

This update's test gating status has been changed to 'failed'.

a year ago
User Icon robatino commented & provided feedback a year ago

@gotmax23 : Please see my comments in FEDORA-2022-9986fbb3d7 concerning the possible failure to fix this CVE in the F36 version (since snapd-2.56.2-1.fc36 was pushed to stable before being replaced by snapd-2.55.3-2.fc36, and most people on stable releases don't check for downgrades).

This update has been pushed to testing.

a year ago

gotmax23 edited this update.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'failed'.

a year ago
User Icon mikelo2 provided feedback a year ago
karma

gotmax23 edited this update.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'failed'.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'passed'.

a year ago

This update can be pushed to stable now if the maintainer wishes

a year ago

This update has been submitted for stable by gotmax23.

a year ago

This update has been pushed to stable.

a year ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
1
Signed
Content Type
RPM
Test Gating
Builds
315
Settings
Unstable by Karma
-3
Stable by Karma
1
Stable by Time
7 days
Dates
submitted
a year ago
in testing
a year ago
in stable
a year ago
modified
a year ago
BZ#2074406 Review Request: golang-github-a8m-envsubst - Environment variables substitution for Go
0
0
BZ#2074438 Review Request: golang-github-goccy-yaml - YAML support for the Go language
0
0
BZ#2077577 powerline-go-1.22.1 is available
0
0
BZ#2105612 golang-github-task-3.14.0 is available
0
0

Automated Test Results

Test Cases

0 0 Test Case age decrypt file
0 0 Test Case age encrypt file