[Bug 2279666] CVE-2024-34069 google-roboto-mono-fonts: python-werkzeug: user may execute code on a developer's machine [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2279666 Link Dupont changed: What|Removed |Added Resolution|--- |NOTABUG Status|NEW |CLOSED Last Closed||2024-05-08 09:46:48 --- Comment #2 from Link Dupont --- google-roboto-mono-fonts does list python-workzeug in its upstream requirements.txt, however Fedora's package does not use Python to build the fonts locally. The pre-built upstream fonts are installed directly. Therefore, google-roboto-mono-fonts is not affected by this CVE. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2279666 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla=report-spam_desc=Report%20of%20Bug%202279666%23c2 -- ___ fonts-bugs mailing list -- fonts-bugs@lists.fedoraproject.org To unsubscribe send an email to fonts-bugs-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/fonts-bugs@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Bug 2279666] CVE-2024-34069 google-roboto-mono-fonts: python-werkzeug: user may execute code on a developer's machine [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2279666 Anten Skrabec changed: What|Removed |Added Blocks||2279451 (CVE-2024-34069) Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2279451 [Bug 2279451] CVE-2024-34069 python-werkzeug: user may execute code on a developer's machine -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2279666 -- ___ fonts-bugs mailing list -- fonts-bugs@lists.fedoraproject.org To unsubscribe send an email to fonts-bugs-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/fonts-bugs@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Bug 2279666] CVE-2024-34069 google-roboto-mono-fonts: python-werkzeug: user may execute code on a developer's machine [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2279666 --- Comment #1 from Anten Skrabec --- Use the following template to for the 'fedpkg update' request to submit an update for this issue as it contains the top-level parent bug(s) as well as this tracking bug. This will ensure that all associated bugs get updated when new packages are pushed to stable. = # bugfix, security, enhancement, newpackage (required) type=security # low, medium, high, urgent (required) severity=high # testing, stable request=testing # Bug numbers: 1234,9876 bugs=2279451,2279666 # Description of your update notes=Security fix for [PUT CVEs HERE] # Enable request automation based on the stable/unstable karma thresholds autokarma=True stable_karma=3 unstable_karma=-3 # Automatically close bugs when this marked as stable close_bugs=True # Suggest that users restart after update suggest_reboot=False == Additionally, you may opt to use the bodhi web interface to submit updates: https://bodhi.fedoraproject.org/updates/new -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2279666 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla=report-spam_desc=Report%20of%20Bug%202279666%23c1 -- ___ fonts-bugs mailing list -- fonts-bugs@lists.fedoraproject.org To unsubscribe send an email to fonts-bugs-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/fonts-bugs@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue