golang-1.18.4-1.fc37
Automatic update for golang-1.18.4-1.fc37.
* Wed Jul 13 2022 Alejandro Sáez <asm@redhat.com> – 1.18.4-1
– Update to 1.18.4
* Sun Jun 19 2022 Robert-André Mauchin <zebob.m@gmail.com> – 1.18.3-2
– Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191,
CVE-2022-29526, CVE-2022-30629
osbuild-composer-57-1.fc35
Update osbuild-composer to the latest version
golang-1.18.4-1.fc36
go1.18.4 includes security fixes to the compress/gzip, encoding/gob, encoding/xml, go/parser, io/fs, net/http, and path/filepath packages, as well as bug fixes to the compiler, the go command, the linker, the runtime, and the runtime/metrics package.
xorg-x11-server-Xwayland-21.1.4-2.fc35
Security fix for CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070
xorg-x11-server-Xwayland-22.1.3-1.fc36
Security fix for CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070
xorg-x11-server-1.20.14-7.fc35
Security fix for CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070
xorg-x11-server-1.20.14-7.fc36
Security fix for CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070
This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being being provided to the popen method.
grafana-9.0.2-2.fc37
Automatic update for grafana-9.0.2-2.fc37.
* Wed Jul 13 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.2-2
– use systemd-sysusers to create the Grafana user and group
This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the “sandboxed” context by reaching the stack call limit with an infinite recursion. The returned object is then used to reference the mainModule property of the host code running the script allowing it to spawn a child_process and execute arbitrary code.
