The following builds have been pushed to Fedora EPEL 7 updates-testing
golang-1.17.10-1.el7
libeatmydata-130-4.el7
Details about builds:
================================================================================
golang-1.17.10-1.el7 (FEDORA-EPEL-2022-453673a4ea)
The Go Programming Language
--------------------------------------------------------------------------------
Update Information:
Update to 1.17.10, Security fix for CVE-2022-24921, CVE-2022-28327,
CVE-2022-24675, and CVE-2022-29526
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 30 2022 Dave Dykstra <[email protected]> - 1.17.10-1
- Update to 1.17.10 by cherry-picking the commit from centos8-stream.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a
deeply nested expression
https://bugzilla.redhat.com/show_bug.cgi?id=2064857
[ 2 ] Bug #2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow
in Decode
https://bugzilla.redhat.com/show_bug.cgi?id=2077688
[ 3 ] Bug #2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by
oversized scalar
https://bugzilla.redhat.com/show_bug.cgi?id=2077689
[ 4 ] Bug #2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong
group
https://bugzilla.redhat.com/show_bug.cgi?id=2084085
--------------------------------------------------------------------------------
================================================================================
libeatmydata-130-4.el7 (FEDORA-EPEL-2022-e9c461b01e)
Library and utilities designed to disable fsync and friends
--------------------------------------------------------------------------------
Update Information:
https://bugzilla.redhat.com/show_bug.cgi?id=2099313 fix which is:
`/usr/libexec/eatmydata.sh` points to `/usr/lib/libeatmydata` rather than
`/usr/lib64` ``` $ eatmydata sleep 1 eatmydata error: could not find eatmydata
library /usr/lib/libeatmydata.so ``` i.e. the noarch build of the `eatmydata`
package was incorrect.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 11 2022 Stewart Smith <[email protected]> - 130-4
- Fix Summary
- Build eatmydata per-arch as script contains arch specific dirs
See https://bugzilla.redhat.com/show_bug.cgi?id=2099313
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2099313 - eatmydata error: could not find eatmydata library
/usr/lib/libeatmydata.so
https://bugzilla.redhat.com/show_bug.cgi?id=2099313
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
