It was discovered that LibRaw incorrectly handled photo files. If a user or
automated system were tricked into processing a specially crafted photo
file, a remote attacker could cause applications linked against LibRaw to
crash, resulting in a denial of service, or possibly execute arbitrary
code.
samba-4.15.11-0.fc35
Update to version 4.15.11 – Security fixes for CVE-2022-3437
nodejs-16.18.1-1.fc35
November 2022 Security Updates
https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/
September Security Updates for Node.js
Update to Node.js 16.17.0
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V16.md#16.17.0
Fix dependency typo
Update to 16.15.0
Update to Node.js 16.14.1
Note that we will be skipping 16.14.2 since the only changes were in the bundled copy of OpenSSL, which we do not use. The relevant security patches are handled in Fedora’s openssl package.
nodejs-18.12.1-1.fc37
November 2022 Security Updates
https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/
Update to 18.10.0
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.10.0
September Security Updates for Node.js
Update to 18.9.0
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.9.0
nodejs-16.18.1-1.fc36
November 2022 Security Updates
https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/
September Security Updates for Node.js
Update to Node.js 16.17.0
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V16.md#16.17.0
Fix dependency typo
Update to 16.15.0
Update to Node.js 16.14.1
Note that we will be skipping 16.14.2 since the only changes were in the bundled copy of OpenSSL, which we do not use. The relevant security patches are handled in Fedora’s openssl package.
In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the camera-file module.
etcd-3.5.5-1.fc38~bootstrap
Automatic update for etcd-3.5.5-1.fc38~bootstrap.
* Sun Nov 6 2022 Robert-André Mauchin <zebob.m@gmail.com> 3.5.5-1
– Bootstrap
* Wed Aug 10 2022 Maxwell G <gotmax@e.email> 3.5.0-11
– Rebuild to fix FTBFS
* Wed Aug 10 2022 Maxwell G <gotmax@e.email> 3.5.0-10
– Rebuild to fix FTBFS
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> 3.5.0-9
– Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jul 19 2022 Maxwell G <gotmax@e.email> 3.5.0-8
– Rebuild for
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
* Thu Jun 23 2022 Maxwell G <gotmax@e.email> 3.5.0-7
– Rebuild to mitigate CVE-2022-21698 (rhbz#2067400).
* Sun Jun 19 2022 Robert-André Mauchin <zebob.m@gmail.com> 3.5.0-6
– Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327,
CVE-2022-27191, CVE-2022-29526, CVE-2022-30629
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> 3.5.0-5
– Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
android-tools-33.0.3p1-2.fc35
Merge branch ‘rawhide’ into f35
Security fix for CVE-2022-20128 CVE-2022-3168
android-tools-33.0.3p1-1.fc36
Update to 33.0.3p1
Security fix for CVE-2022-20128 CVE-2022-3168
android-tools-33.0.3p1-1.fc37
Update to 33.0.3p1
Security fix for CVE-2022-20128 CVE-2022-3168
