[EPEL-devel] Fedora EPEL 7 updates-testing report

updates Mon, 01 Aug 2022 18:26:33 -0700

The following Fedora EPEL 7 Security updates need testing:
 Age  URL
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-eeac45f79c   
clamav-0.103.7-1.el7



The following builds have been pushed to Fedora EPEL 7 updates-testing

    golang-1.17.12-1.el7
    proftpd-1.3.5e-12.el7

Details about builds:


================================================================================
 golang-1.17.12-1.el7 (FEDORA-EPEL-2022-ced30d9530)
 The Go Programming Language
--------------------------------------------------------------------------------
Update Information:

Update to 1.17.12, security fixes for CVE-2022-30629, CVE-2022-1705,
CVE-2022-32148, CVE-2022-30631, CVE-2022-28131, CVE-2022-30633, CVE-2022-30632,
CVE-2022-30635, CVE-2022-30630, CVE-2022-1962
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug  1 2022 Dave Dykstra <d...@fedoraproject.org> - 1.17.12-1
- Update to 1.17.12 by doing the equivalent changes as centos8-stream.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack 
random ticket_age_add
        https://bugzilla.redhat.com/show_bug.cgi?id=2092793
  [ 2 ] Bug #2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion 
in Reader.Read
        https://bugzilla.redhat.com/show_bug.cgi?id=2107342
  [ 3 ] Bug #2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
        https://bugzilla.redhat.com/show_bug.cgi?id=2107371
  [ 4 ] Bug #2107374 - CVE-2022-1705 golang: net/http: improper sanitization of 
Transfer-Encoding header
        https://bugzilla.redhat.com/show_bug.cgi?id=2107374
  [ 5 ] Bug #2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all 
Parse* functions
        https://bugzilla.redhat.com/show_bug.cgi?id=2107376
  [ 6 ] Bug #2107383 - CVE-2022-32148 golang: net/http/httputil: 
NewSingleHostReverseProxy - omit X-Forwarded-For not working
        https://bugzilla.redhat.com/show_bug.cgi?id=2107383
  [ 7 ] Bug #2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion 
in Glob
        https://bugzilla.redhat.com/show_bug.cgi?id=2107386
  [ 8 ] Bug #2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in 
Decoder.Decode
        https://bugzilla.redhat.com/show_bug.cgi?id=2107388
  [ 9 ] Bug #2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in 
Decoder.Skip
        https://bugzilla.redhat.com/show_bug.cgi?id=2107390
  [ 10 ] Bug #2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion 
in Unmarshal
        https://bugzilla.redhat.com/show_bug.cgi?id=2107392
--------------------------------------------------------------------------------


================================================================================
 proftpd-1.3.5e-12.el7 (FEDORA-EPEL-2022-2eb0ae90f4)
 Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:

This update contains a fix for mod_vroot that prevents it from hiding some files
under some circumstances when DefaultRoot is used.   *
https://github.com/proftpd/proftpd/issues/1491  *
https://github.com/Castaglia/proftpd-mod_vroot/pull/37  *
https://bugzilla.redhat.com/show_bug.cgi?id=2104972
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug  1 2022 Paul Howarth <p...@city-fan.org> - 1.3.5e-12
- Fix unexpected filtering behaviour with mod_vroot (#2104972, GH#1491)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2104972 - proftpd hides entries in root directory beginning with a 
DefaultRoot value
        https://bugzilla.redhat.com/show_bug.cgi?id=2104972
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[EPEL-devel] Fedora EPEL 7 updates-testing report

Reply via email to