** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.
Category Archives: Advisories
python-m2r-0.2.1-12.20190604git66f4a5a.fc37 python-mistune-2.0.4-1.fc37 python-mistune08-0.8.4-7.fc37 python-sphinx-typlog-theme-0.8.0-1.fc37
FEDORA-2022-e4f5866111
Packages in this update:
python-m2r-0.2.1-12.20190604git66f4a5a.fc37
python-mistune08-0.8.4-7.fc37
python-mistune-2.0.4-1.fc37
python-sphinx-typlog-theme-0.8.0-1.fc37
Update description:
updates mistune to 2.0.4
m2r updated to pin dependency to mistune < 2
new package: python-mistune08 compatibility package, to be used by dependents that cannot use the new mistune (namely nbconvert)
new package: python-sphinx-typlog-theme, needed to build mistune 2.x documentation
Compatibility package for mistune 0.8, so we can update mistune to 2x without breaking unported dependents like nbconvert
USN-5674-1: XML Security Library vulnerability
It was discovered that XML Security Library incorrectly handled certain
input documents. An attacker could possibly use this issue to obtain
sensitive information or cause a denial of service.
CVE-2021-20030
SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application’s binaries and configuration files.
python3.7-3.7.15-1.fc36
FEDORA-2022-9bca9dd6a5
Packages in this update:
python3.7-3.7.15-1.fc36
Update description:
The release you’re looking at is Python 3.7.15, a security bugfix release for the legacy 3.7 series. https://docs.python.org/release/3.7.15/whatsnew/changelog.html#python-3-7-15-final
USN-5673-1: unzip vulnerabilities
It was discovered that unzip did not properly handle unicode strings under
certain circumstances. If a user were tricked into opening a specially crafted
zip file, an attacker could possibly use this issue to cause unzip to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2021-4217)
It was discovered that unzip did not properly perform bounds checking while
converting wide strings to local strings. If a user were tricked into opening a
specially crafted zip file, an attacker could possibly use this issue to cause
unzip to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2022-0529, CVE-2022-0530)
python3.7-3.7.15-1.fc35
FEDORA-2022-d7b9733986
Packages in this update:
python3.7-3.7.15-1.fc35
Update description:
The release you’re looking at is Python 3.7.15, a security bugfix release for the legacy 3.7 series. https://docs.python.org/release/3.7.15/whatsnew/changelog.html#python-3-7-15-final
python3.7-3.7.15-1.fc37
FEDORA-2022-843902162d
Packages in this update:
python3.7-3.7.15-1.fc37
Update description:
The release you’re looking at is Python 3.7.15, a security bugfix release for the legacy 3.7 series. https://docs.python.org/release/3.7.15/whatsnew/changelog.html#python-3-7-15-final
python3.8-3.8.15-1.fc37
FEDORA-2022-94bee848e6
Packages in this update:
python3.8-3.8.15-1.fc37
Update description:
The release you’re looking at is Python 3.8.15, a security bugfix release for the legacy 3.8 series. https://docs.python.org/release/3.8.15/whatsnew/changelog.html#python-3-8-15-final
python3.8-3.8.15-1.fc35
FEDORA-2022-bda1ac11c3
Packages in this update:
python3.8-3.8.15-1.fc35
Update description:
The release you’re looking at is Python 3.8.15, a security bugfix release for the legacy 3.8 series. https://docs.python.org/release/3.8.15/whatsnew/changelog.html#python-3-8-15-final