stable

3mux-1.1.0-5.fc35, act-1.6.0-6.fc35, & 313 more

FEDORA-2022-3969b64d4b created by gotmax23 11 months ago for Fedora 35

Rebuild for CVE-2022-{24675,28327,29526} in golang and other go ecosystem CVEs


This contains the result from the mass rebuild in F35 for all packages that require golang and provide binaries to mitigate the following CVEs:

golang itself:

  • CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
  • CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar
  • CVE-2022-29526 golang: syscall: faccessat checks wrong group

(There are some Go CVEs that are a little bit older that will also be mitigated by the rebuild for packages that haven't been updated recently)

CVEs in other golang libraries that affect a subset of Go packages:

  • CVE-2022-21698 golang-github-prometheus-client: prometheus/client_golang: Denial of service using InstrumentHandlerCounter
  • CVE-2022-1996 go-restful: Authorization Bypass Through User-Controlled Key

Initial import for golang-github-a8m-envsubst

Resolves: #2074406


Initial package

Resolves: #2074438


Update to v3.14.0 (close #2105612)


Fix merge


Update to 1.22.1 - Close: #2077577

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2022-3969b64d4b

This update's test gating status has been changed to 'waiting'.

11 months ago

This update has obsoleted golang-github-a8m-envsubst-1.3.0-1.fc35, and has inherited its bugs and notes.

11 months ago

This update has obsoleted golang-github-goccy-yaml-1.9.5-1.fc35, and has inherited its bugs and notes.

11 months ago

This update has obsoleted golang-github-task-3.14.0-1.fc35, and has inherited its bugs and notes.

11 months ago

This update has obsoleted kiln-0.3.1-2.fc35, and has inherited its bugs and notes.

11 months ago

This update has obsoleted powerline-go-1.22.1-1.fc35, and has inherited its bugs and notes.

11 months ago

gotmax23 edited this update.

11 months ago

This update has been submitted for testing by bodhi.

11 months ago

This update's test gating status has been changed to 'failed'.

11 months ago
robatino commented & provided feedback 11 months ago

@gotmax23 : Please see my comments in FEDORA-2022-9986fbb3d7 concerning the possible failure to fix this CVE in the F36 version (since snapd-2.56.2-1.fc36 was pushed to stable before being replaced by snapd-2.55.3-2.fc36, and most people on stable releases don't check for downgrades).

This update has been pushed to testing.

11 months ago

gotmax23 edited this update.

11 months ago

This update's test gating status has been changed to 'waiting'.

11 months ago

This update's test gating status has been changed to 'failed'.

11 months ago
mikelo2 provided feedback 11 months ago
karma

gotmax23 edited this update.

11 months ago

This update's test gating status has been changed to 'waiting'.

11 months ago

This update's test gating status has been changed to 'failed'.

11 months ago

This update's test gating status has been changed to 'waiting'.

11 months ago

This update's test gating status has been changed to 'passed'.

11 months ago

This update can be pushed to stable now if the maintainer wishes

11 months ago

This update has been submitted for stable by gotmax23.

11 months ago

This update has been pushed to stable.

11 months ago

Metadata
Type: security
Severity: medium
Karma: 1
Signed
Content Type: RPM
Test Gating
Builds: 315

Settings
Unstable by Karma: -3
Stable by Karma: 1
Stable by Time: 7 days

Dates
submitted: 11 months ago
in testing: 11 months ago
in stable: 11 months ago
modified: 11 months ago

BZ#2074406 Review Request: golang-github-a8m-envsubst - Environment variables substitution for Go
BZ#2074438 Review Request: golang-github-goccy-yaml - YAML support for the Go language
BZ#2077577 powerline-go-1.22.1 is available
BZ#2105612 golang-github-task-3.14.0 is available

Automated Test Results

Test Cases

Test Case age decrypt file
Test Case age encrypt file