Fedora EPEL 7 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The following Fedora EPEL 7 Security updates need testing:
 Age  URL
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-eeac45f79c   clamav-0.103.7-1.el7


The following builds have been pushed to Fedora EPEL 7 updates-testing

    golang-1.17.12-1.el7
    proftpd-1.3.5e-12.el7

Details about builds:


================================================================================
 golang-1.17.12-1.el7 (FEDORA-EPEL-2022-ced30d9530)
 The Go Programming Language
--------------------------------------------------------------------------------
Update Information:

Update to 1.17.12, security fixes for CVE-2022-30629, CVE-2022-1705,
CVE-2022-32148, CVE-2022-30631, CVE-2022-28131, CVE-2022-30633, CVE-2022-30632,
CVE-2022-30635, CVE-2022-30630, CVE-2022-1962
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug  1 2022 Dave Dykstra <dwd@xxxxxxxxxxxxxxxxx> - 1.17.12-1
- Update to 1.17.12 by doing the equivalent changes as centos8-stream.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
        https://bugzilla.redhat.com/show_bug.cgi?id=2092793
  [ 2 ] Bug #2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
        https://bugzilla.redhat.com/show_bug.cgi?id=2107342
  [ 3 ] Bug #2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
        https://bugzilla.redhat.com/show_bug.cgi?id=2107371
  [ 4 ] Bug #2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
        https://bugzilla.redhat.com/show_bug.cgi?id=2107374
  [ 5 ] Bug #2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
        https://bugzilla.redhat.com/show_bug.cgi?id=2107376
  [ 6 ] Bug #2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
        https://bugzilla.redhat.com/show_bug.cgi?id=2107383
  [ 7 ] Bug #2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
        https://bugzilla.redhat.com/show_bug.cgi?id=2107386
  [ 8 ] Bug #2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
        https://bugzilla.redhat.com/show_bug.cgi?id=2107388
  [ 9 ] Bug #2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
        https://bugzilla.redhat.com/show_bug.cgi?id=2107390
  [ 10 ] Bug #2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
        https://bugzilla.redhat.com/show_bug.cgi?id=2107392
--------------------------------------------------------------------------------


================================================================================
 proftpd-1.3.5e-12.el7 (FEDORA-EPEL-2022-2eb0ae90f4)
 Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:

This update contains a fix for mod_vroot that prevents it from hiding some files
under some circumstances when DefaultRoot is used.   *
https://github.com/proftpd/proftpd/issues/1491  *
https://github.com/Castaglia/proftpd-mod_vroot/pull/37  *
https://bugzilla.redhat.com/show_bug.cgi?id=2104972
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug  1 2022 Paul Howarth <paul@xxxxxxxxxxxx> - 1.3.5e-12
- Fix unexpected filtering behaviour with mod_vroot (#2104972, GH#1491)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2104972 - proftpd hides entries in root directory beginning with a DefaultRoot value
        https://bugzilla.redhat.com/show_bug.cgi?id=2104972
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Index of Archives]     [Fedora Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Announce]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Linux Apps]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux