-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-ab291ca614 2023-06-26 00:40:45.470173 -------------------------------------------------------------------------------- Name : wabt Product : Fedora 38 Version : 1.0.33 Release : 1.fc38 URL : https://github.com/WebAssembly/wabt Summary : The WebAssembly Binary Toolkit Description : WABT (we pronounce it "wabbit") is a suite of tools for WebAssembly. These tools are intended for use in (or for development of) toolchains or other systems that want to manipulate WebAssembly files. Unlike the WebAssembly spec interpreter (which is written to be as simple, declarative and "speccy" as possible), they are written in C/C++ and designed for easier integration into other systems. Unlike Binaryen these tools do not aim to provide an optimization platform or a higher-level compiler target; instead they aim for full fidelity and compliance with the spec (e.g. 1:1 round-trips with no changes to instructions). -------------------------------------------------------------------------------- Update Information: Latest stable release. Full upstream changelog: https://github.com/WebAssembly/wabt/compare/1.0.32...1.0.33 . Fixes CVE-2023-27116, CVE-2023-30300 and CVE-2023-31669. -------------------------------------------------------------------------------- ChangeLog: * Thu May 25 2023 Dominik Mierzejewski <dominik@xxxxxxxxxxxxxx> 1.0.33-1 - update to 1.0.33 (#2203483) - drop obsolete patch - disable failing tests on aarch64 and ppc64le (reported upstream) - fix running tests on i686 - disable failing wasm2c tests on s390x (big endian not supported upstream) - fix deprecated patchN macro usage * Sat Jan 21 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.32-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2171755 - wabt: FTBFS in Fedora rawhide/f38 https://bugzilla.redhat.com/show_bug.cgi?id=2171755 [ 2 ] Bug #2179300 - CVE-2023-27116 wabt: webassembly: an abort in CWriter::MangleType. [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2179300 [ 3 ] Bug #2193028 - CVE-2023-30300 wabt: wasm2c hangs on certain inputs and cannot finish execution for a while [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2193028 [ 4 ] Bug #2203483 - wabt-1.0.33 is available https://bugzilla.redhat.com/show_bug.cgi?id=2203483 [ 5 ] Bug #2209423 - CVE-2023-31669 wabt: Crash in libc++abi.dylib [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2209423 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-ab291ca614' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- package-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue