FEDORA-2023-abb47e24d8 — security update for gmailctl

stable

gmailctl-0.10.6-2.fc36

FEDORA-2023-abb47e24d8 created by fuller a week ago for Fedora 36

Rebuild for CVE-20220-{3064,41717,41723}

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2023-abb47e24d8

This update has been submitted for testing by fuller.

a week ago

This update's test gating status has been changed to 'ignored'.

a week ago

fuller commented & provided feedback a week ago

CVE Bugs were not opened specifically against this version, but rebuilding just in case

fuller edited this update.

a week ago

This update has been pushed to testing.

a week ago

This update has been submitted for stable by bodhi.

a day ago

This update has been pushed to stable.

17 hours ago

Please login to add feedback.

Metadata

Type

security

Severity

high

Karma

Signed

Content Type

RPM

Test Gating

ignored

Builds

gmailctl-0.10.6-2.fc36

Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

7 days

Dates

submitted

a week ago

in testing

a week ago

in stable

17 hours ago

modified

a week ago

approved

a day ago

BZ#2161274 CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

BZ#2163073 CVE-2022-41717 cri-o:1.21/cri-tools: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [fedora-all]

BZ#2163094 CVE-2022-41717 gmailctl: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [fedora-all]

BZ#2163544 CVE-2022-3064 gmailctl: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents [fedora-all]

BZ#2178358 CVE-2022-41723 golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

BZ#2178434 CVE-2022-41723 gmailctl: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [fedora-all]

gmailctl-0.10.6-2.fc36

Automated Test Results

ignored