Monday, January 31, 2022

[USN-5257-1] ldns vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5257-1
January 31, 2022

ldns vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:

ldns could be made to expose sensitive information if it received
a specially crafted input.

Software Description:
- ldns: ldns library for DNS programming

Details:

It was discovered that ldns incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2020-19860, CVE-2020-19861)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
libldns2 1.7.0-3ubuntu4.1

Ubuntu 16.04 ESM:
libldns1 1.6.17-8ubuntu0.1+esm1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5257-1
CVE-2020-19860, CVE-2020-19861

Package Information:
https://launchpad.net/ubuntu/+source/ldns/1.7.0-3ubuntu4.1

Saturday, January 29, 2022

F37 Change: MinGW UCRT target (Self-Contained Change proposal)

https://fedoraproject.org/wiki/Changes/F37MingwUCRT


== Summary ==

This proposal is to add the UCRT target & support from Fedora to the
MinGW cross-toolchains.

== Owner ==
* Name: [[User:elmarco| Marc-André Lureau]]
* Email: marcandre.lureau@redhat.com


== Detailed Description ==

The current mingw32 and mingw64 cross-toolchains provided by Fedora
target the MSVCRT (Microsoft Visual C++ Runtime). Since Visual Studio
15 & Windows 10, the default and recommended runtime is UCRT. See also
[https://www.msys2.org/docs/environments/#msvcrt-vs-ucrt MSVCRT vs
UCRT].

A new toolchain target triple `x86_64-w64-mingw32ucrt` and associated
binaries will be added.

Fedora MinGW macros will be provided to target UCRT, with ucrt64-*
prefix (ex: `ucrt64-meson`)

mingw-* libraries will be progressively adjusted to add the produced
ucrt64-* binaries.

Since mingw-*.spec are very repetitive and cumbersome to modify (each
mingw32, mingw64, ucrt package has to be defined manually, and this is
tedious and error-prone), a custom MinGW/Fedora tool or solution will
be proposed. In the meantime, packages can be modified to add manually
the new target.

[https://lists.fedoraproject.org/archives/list/mingw@lists.fedoraproject.org/thread/JCJCOYRVD2J5UIK5TJXHNVDHNEBZWL43/
UCRT plans on mingw@lists.fedoraproject.org ]

== Benefit to Fedora ==

This change will allow to cross-compile projects to Windows with the
up to date C runtime & headers, and better c99 support. This should
allow to more easily mix binaries produced from different versions or
compilers as well.

== Scope ==

* Proposal owners:
** update the mingw filesystem, binutils, headers, gcc & winpthreads packages
** bootstrap the new toolchain
** propose a solution to simplify library packaging with the different targets
** update some common library packages, such as mingw-zlib
* Other developers:
** Progressively adjust the mingw-* packages to produce ucrt64-
packages, following the updated guidelines.
* Release engineering:
* Policies and guidelines:
https://fedoraproject.org/wiki/Packaging:MinGW packaging guideline
will be adjusted.
* Trademark approval: N/A (not needed for this Change)
* Alignment with Objectives:


== Upgrade/compatibility impact ==

None

== How To Test ==

<pre>
$ x86_64-w64-mingw32ucrt-gcc test.c

$ /usr/bin/mingw-objdump -p a.exe | grep DLL
vma: Hint Time Forward DLL First
DLL Name: KERNEL32.dll
DLL Name: api-ms-win-crt-time-l1-1-0.dll
DLL Name: api-ms-win-crt-math-l1-1-0.dll
DLL Name: api-ms-win-crt-runtime-l1-1-0.dll
DLL Name: api-ms-win-crt-environment-l1-1-0.dll
DLL Name: api-ms-win-crt-private-l1-1-0.dll
DLL Name: api-ms-win-crt-heap-l1-1-0.dll
DLL Name: api-ms-win-crt-locale-l1-1-0.dll
DLL Name: api-ms-win-crt-stdio-l1-1-0.dll
DLL Name: api-ms-win-crt-string-l1-1-0.dll
</pre>


== User Experience ==

Windows binaries produced by Fedora cross-toolchain will target a more
modern and compatible C runtime, bringing hopefully better
compatibility & safety.

== Dependencies ==

None

== Contingency Plan ==

* Contingency mechanism: N/A (not a System Wide Change)
* Contingency deadline: N/A (not a System Wide Change)
* Blocks release? No (not a System Wide Change)

== Documentation ==

N/A (not a System Wide Change)

== Release Notes ==

The new MinGW toolchain and tools are available to compile binaries
targeting the Windows UCRT.


--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Thursday, January 27, 2022

[CentOS-announce] CESA-2022:0306 Moderate CentOS 7 java-1.8.0-openjdk Security Update

CentOS Errata and Security Advisory 2022:0306 Moderate

Upstream details at : https://access.redhat.com/errata/RHSA-2022:0306

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )




--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@libera.chat
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[USN-5255-1] WebKitGTK vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5255-1
January 27, 2022

webkit2gtk vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in WebKitGTK.

Software Description:
- webkit2gtk: Web content engine library for GTK+

Details:

A large number of security issues were discovered in the WebKitGTK Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
libjavascriptcoregtk-4.0-18 2.34.4-0ubuntu0.21.10.1
libwebkit2gtk-4.0-37 2.34.4-0ubuntu0.21.10.1

Ubuntu 20.04 LTS:
libjavascriptcoregtk-4.0-18 2.34.4-0ubuntu0.20.04.1
libwebkit2gtk-4.0-37 2.34.4-0ubuntu0.20.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5255-1
CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952,
CVE-2021-30953, CVE-2021-30954, CVE-2021-30984

Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.34.4-0ubuntu0.21.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.34.4-0ubuntu0.20.04.1

[USN-5064-2] GNU cpio vulnerability

==========================================================================
Ubuntu Security Notice USN-5064-2
January 27, 2022

cpio vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

GNU cpio could be made to crash or run programs if it opened a specially
crafted file.

Software Description:
- cpio: a tool to manage archives of files

Details:

USN-5064-1 fixed vulnerabilities in GNU cpio. This update provides
the corresponding updates for Ubuntu 16.04 ESM.

Original advisory details:

Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled
certain pattern files. A remote attacker could use this issue to cause cpio
to crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
cpio 2.11+dfsg-5ubuntu1.1+esm1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5064-2
https://ubuntu.com/security/notices/USN-5064-1
CVE-2021-38185

[USN-5254-1] shadow vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5254-1
January 27, 2022

shadow vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in shadow.

Software Description:
- shadow: system login tools

Details:

It was discovered that shadow incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or
expose sensitive information. This issue only affected
Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2017-12424)

It was discovered that shadow incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2018-7169)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
login 1:4.5-1ubuntu2.2
passwd 1:4.5-1ubuntu2.2
uidmap 1:4.5-1ubuntu2.2

Ubuntu 16.04 ESM:
login 1:4.2-3.1ubuntu5.5+esm1
passwd 1:4.2-3.1ubuntu5.5+esm1
uidmap 1:4.2-3.1ubuntu5.5+esm1

Ubuntu 14.04 ESM:
login 1:4.1.5.1-1ubuntu9.5+esm1
passwd 1:4.1.5.1-1ubuntu9.5+esm1
uidmap 1:4.1.5.1-1ubuntu9.5+esm1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5254-1
CVE-2017-12424, CVE-2018-7169

Package Information:
https://launchpad.net/ubuntu/+source/shadow/1:4.5-1ubuntu2.2

[USN-5247-1] Vim vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5247-1
January 27, 2022

vim vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Vim.

Software Description:
- vim: Vi IMproved - enhanced vi editor

Details:

It was discovered that vim incorrectly handled parsing of filenames in its
search functionality. If a user was tricked into opening a specially crafted
file, an attacker could crash the application, leading to a denial of
service. This issue only affected Ubuntu 21.10. (CVE-2021-3973)

It was discovered that vim incorrectly handled memory when opening and
searching the contents of certain files. If a user was tricked into opening
a specially crafted file, an attacker could crash the application, leading
to a denial of service, or possibly achieve code execution with user
privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.10.
(CVE-2021-3974)

It was discovered that vim incorrectly handled memory when opening and
editing certain files. If a user was tricked into opening a specially
crafted file, an attacker could crash the application, leading to a denial
of service, or possibly achieve code execution with user privileges.
(CVE-2021-3984)

It was discovered that vim incorrectly handled memory when opening and
editing certain files. If a user was tricked into opening a specially
crafted file, an attacker could crash the application, leading to a denial
of service, or possibly achieve code execution with user privileges.
(CVE-2021-4019)

It was discovered that vim incorrectly handled memory when opening and
editing certain files. If a user was tricked into opening a specially
crafted file, an attacker could crash the application, leading to a denial
of service, or possibly achieve code execution with user privileges.
(CVE-2021-4069)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
vim 2:8.2.2434-3ubuntu3.2

Ubuntu 20.04 LTS:
vim 2:8.1.2269-1ubuntu5.6

Ubuntu 18.04 LTS:
vim 2:8.0.1453-1ubuntu1.8

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5247-1
CVE-2021-3973, CVE-2021-3974, CVE-2021-3984, CVE-2021-4019,
CVE-2021-4069

Package Information:
https://launchpad.net/ubuntu/+source/vim/2:8.2.2434-3ubuntu3.2
https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.6
https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.8

Wednesday, January 26, 2022

[CentOS-announce] CESA-2022:0274 Important CentOS 7 polkit Security Update

CentOS Errata and Security Advisory 2022:0274 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2022:0274

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )




--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@libera.chat
Twitter: @JohnnyCentOS


[USN-5193-2] X.Org X Server vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5193-2
January 26, 2022

xorg-server vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in X.Org X Server.

Software Description:
- xorg-server: X.Org X11 server

Details:

USN-5193-1 fixed several vulnerabilities in X.Org. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
certain inputs. An attacker could use this issue to cause the server to
crash, resulting in a denial of service, or possibly execute arbitrary
code and escalate privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
xserver-xorg-core 2:1.18.4-0ubuntu0.12+esm1

Ubuntu 14.04 ESM:
xserver-xorg-core 2:1.15.1-0ubuntu2.11+esm5

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5193-2
https://ubuntu.com/security/notices/USN-5193-1
CVE-2021-4008, CVE-2021-4009, CVE-2021-4011

Tuesday, January 25, 2022

[USN-5252-2] PolicyKit vulnerability

==========================================================================
Ubuntu Security Notice USN-5252-2
January 25, 2022

policykit-1 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

policykit-1 could be made to run programs as an administrator.

Software Description:
- policykit-1: framework for managing administrative policies and privileges

Details:

USN-5252-1 fixed a vulnerability in policykit-1. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that the PolicyKit pkexec tool incorrectly handled
command-line arguments. A local attacker could use this issue to escalate
privileges to an administrator.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
policykit-1 0.105-14.1ubuntu0.5+esm1

Ubuntu 14.04 ESM:
policykit-1 0.105-4ubuntu3.14.04.6+esm1

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5252-2
https://ubuntu.com/security/notices/USN-5252-1
CVE-2021-4034

[USN-5252-1] PolicyKit vulnerability

==========================================================================
Ubuntu Security Notice USN-5252-1
January 25, 2022

policykit-1 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

policykit-1 could be made to run programs as an administrator.

Software Description:
- policykit-1: framework for managing administrative policies and privileges

Details:

It was discovered that the PolicyKit pkexec tool incorrectly handled
command-line arguments. A local attacker could use this issue to escalate
privileges to an administrator.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
policykit-1 0.105-31ubuntu0.1

Ubuntu 20.04 LTS:
policykit-1 0.105-26ubuntu1.2

Ubuntu 18.04 LTS:
policykit-1 0.105-20ubuntu0.18.04.6

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5252-1
CVE-2021-4034

Package Information:
https://launchpad.net/ubuntu/+source/policykit-1/0.105-31ubuntu0.1
https://launchpad.net/ubuntu/+source/policykit-1/0.105-26ubuntu1.2
https://launchpad.net/ubuntu/+source/policykit-1/0.105-20ubuntu0.18.04.6

mass rebuild status - 2022-01-25

Greetings.

The mass rebuild finished its first pass on Saturday morning, leaving
3448 failed builds.

We then did a second pass yesterday ( 2022-01-24 ) of all failed builds,
and that resulted in 1282 failed builds.

The f36-rebuild tag is being merged now, but unfortunately our SOP had
it merge via f36-signing-pending, so all the builds will pass through
signing again, which will be a slow process. We have updated docs and
next time will be just tagging directly into the final tag and signing
along the way.

There's a gcc build currently going that has fixes for some common
issues that caused failures on ppc64le builds along with some other
fixes. As soon as it's done we are going to do another pass of
resubmitting the failed builds and will tag any that finish there.

After that we will be done and it will be on maintainers to sort out
FTBFS issues.

kevin

[CentOS-announce] CESA-2022:0143 Important CentOS 7 httpd Security Update

CentOS Errata and Security Advisory 2022:0143 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2022:0143

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )




--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@libera.chat
Twitter: @JohnnyCentOS


[CentOS-announce] CESA-2022:0204 Moderate CentOS 7 java-11-openjdk Security Update

CentOS Errata and Security Advisory 2022:0204 Moderate

Upstream details at : https://access.redhat.com/errata/RHSA-2022:0204

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )




--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@libera.chat
Twitter: @JohnnyCentOS


Monday, January 24, 2022

F36 Change: Podman 4.0 (Late Self-Contained Change)

(Process note: this proposal is well past the deadline, but after
consulting with FESCo members, I am announcing it anyway, since it is
a leaf package that should have no impact on other
developers/maintainers)

https://fedoraproject.org/wiki/Changes/Podman4.0

== Summary ==
Podman 4.0 will be released in Fedora 36 for the first time.

== Owner ==
* Name: Dan Walsh
* Email: dwalsh@fedoraproject.org


== Detailed Description ==
Podman 4.0 will be fully released for the first time in Fedora 36. The
API has had breaking changes so it will not be released to stable in
Fedora 34 or Fedora 35. Podman 4.0 has a huge amount of changes and a
brand new network stack.


== Benefit to Fedora ==
Podman 4.0 has a huge list of new features, highlighted by a brand new
network stack. Lots of improvements and bug fixes.

See more here: https://github.com/containers/podman/releases/tag/v4.0.0-rc2


== Scope ==
* Proposal owners: It is in RC2, now, so just complete the release.

* Other developers: N/A
* Release engineering:
* Policies and guidelines: N/A (not needed for this Change)
* Trademark approval: N/A (not needed for this Change)
* Alignment with Objectives:


== Upgrade/compatibility impact ==
Podman 3.* release will not be able to connect to Podman 4.0 via
remote API, similarly Podman 4.0 will not be able to connect to Podman
3.* API.

Existing network stack will continue to run, on existing systems. All
containers and images need to be removed to try out the new network
stack.


== How To Test ==
Just test on existing systems. All Podman containers and images should
continue to work. And all compatibility API (docker-compose,
docker.py) should continue to work.


== User Experience ==


== Dependencies ==


== Contingency Plan ==
* Contingency mechanism: (What to do? Who will do it?) N/A (not a
System Wide Change)
* Contingency deadline: N/A (not a System Wide Change)
* Blocks release? N/A (not a System Wide Change)


== Documentation ==
N/A (not a System Wide Change)


--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis

[USN-5250-2] strongSwan vulnerability

==========================================================================
Ubuntu Security Notice USN-5250-2
January 24, 2022

strongswan vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

strongSwan could crash or allow unintended access to network services.

Software Description:
- strongswan: IPsec VPN solution

Details:

USN-5250-1 fixed a vulnerability in strongSwan. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Zhuowei Zhang discovered that strongSwan incorrectly handled EAP
authentication. A remote attacker could use this issue to cause strongSwan
to crash, resulting in a denial of service, or possibly bypass client and
server authentication.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
libstrongswan 5.3.5-1ubuntu3.8+esm2
strongswan 5.3.5-1ubuntu3.8+esm2

Ubuntu 14.04 ESM:
libstrongswan 5.1.2-0ubuntu2.11+esm2
strongswan 5.1.2-0ubuntu2.11+esm2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5250-2
https://ubuntu.com/security/notices/USN-5250-1
CVE-2021-45079

Orphaned packages looking for new maintainers

The following packages are orphaned and will be retired when they
are orphaned for six weeks, unless someone adopts them. If you know for sure
that the package should be retired, please do so now with a proper reason:
https://fedoraproject.org/wiki/How_to_remove_a_package_at_end_of_life

Note: If you received this mail directly you (co)maintain one of the affected
packages or a package that depends on one. Please adopt the affected package or
retire your depending package to avoid broken dependencies, otherwise your
package will fail to install and/or build when the affected package gets retired.

Request package ownership via the *Take* button in the left column on
https://src.fedoraproject.org/rpms/<pkgname>

Full report available at:
https://churchyard.fedorapeople.org/orphans-2022-01-24.txt
grep it for your FAS username and follow the dependency chain.

For human readable dependency chains,
see https://packager-dashboard.fedoraproject.org/
For all orphaned packages,
see https://packager-dashboard.fedoraproject.org/orphan

Package (co)maintainers Status Change
================================================================================
3proxy orphan 0 weeks ago
DivFix++ orphan 0 weeks ago
colorize orphan 0 weeks ago
curlftpfs orphan 0 weeks ago
dans-gdal-scripts orphan 5 weeks ago
darkstat orphan 0 weeks ago
elmon orphan 0 weeks ago
esniper orphan 5 weeks ago
fkill-cli orphan 4 weeks ago
fotoxx limb, orphan 0 weeks ago
fx orphan 4 weeks ago
fx-completion orphan 4 weeks ago
gloox cicku, davidsch, orphan 0 weeks ago
hans orphan 0 weeks ago
httpd-itk orphan 0 weeks ago
iodine lystor, orphan 0 weeks ago
kea fjanus, orphan, zdohnal 1 weeks ago
laby orphan 2 weeks ago
mysqlreport orphan, wolfy 0 weeks ago
nodejs-svgo nodejs-sig, orphan 4 weeks ago
npm-name-cli orphan 4 weeks ago
pacmanager ngompa, orphan 0 weeks ago
percol orphan 0 weeks ago
perl-File-Finder orphan 0 weeks ago
perl-File-Inplace orphan 0 weeks ago
perl-HTML-FormatText-WithLinks-AndTables orphan 0 weeks ago
perl-IO-Any orphan 0 weeks ago
perl-JSON-Util orphan 0 weeks ago
perl-Lingua-EN-Fathom jfearn, orphan 0 weeks ago
perl-Lingua-EN-Syllable orphan 0 weeks ago
perl-Locale-Maketext-Gettext orphan 0 weeks ago
perl-Net-HL7 orphan 4 weeks ago
perl-ParseLex orphan 0 weeks ago
perl-String-Similarity lcons, orphan 0 weeks ago
perl-Sys-Path orphan 0 weeks ago
perl-Test-Fixme orphan 0 weeks ago
pgcenter orphan 0 weeks ago
pgdbf orphan 0 weeks ago
pgmodeler orphan 0 weeks ago
php-pecl-solr2 orphan 2 weeks ago
plexus-i18n mizdebsk, orphan 0 weeks ago
pmount kni, orphan 0 weeks ago
pstreams-devel jwakely, orphan 0 weeks ago
publican jfearn, orphan 0 weeks ago
python-ECPy orphan 0 weeks ago
python-btchip jonny, orphan 0 weeks ago
python-cmigemo orphan 0 weeks ago
python-jenkins-job-builder ignatenkobrain, ktdreyer, orphan, pabelanger 5 weeks ago
python-netssh2 orphan 2 weeks ago
python-pykwalify goldmann, orphan 0 weeks ago
python-wand orphan 2 weeks ago
rubygem-rsolr orphan 4 weeks ago
siril astro-sig, lkundrak, lupinix, orphan 4 weeks ago
slim aarem, orphan 0 weeks ago
sqlite3-dbf orphan 0 weeks ago
teseq orphan 0 weeks ago
topojson-client orphan 4 weeks ago
topojson-server orphan 4 weeks ago
topojson-simplify orphan 4 weeks ago
trickle orphan, villadalmine, wolfy 0 weeks ago
uml_utilities chkr, orphan 3 weeks ago
vanessa_adt orphan 0 weeks ago
vanessa_socket orphan 0 weeks ago
xcf-pixbuf-loader orphan 6 weeks ago
xmlgraphics-commons orphan 0 weeks ago

The following packages require above mentioned packages:
Depending on: fx (1), status change: 2021-12-22 (4 weeks ago)
fx-completion (maintained by: orphan)
fx-completion-1.0.5-5.fc36.noarch requires npm(fx) = 20.0.2
fx-completion-1.0.5-5.fc36.src requires npm(fx) = 20.0.2

Depending on: gloox (1), status change: 2022-01-18 (0 weeks ago)
0ad (maintained by: bruno, ignatenkobrain, pwalter)
0ad-0.0.25b-2.fc36.src requires gloox-devel = 1:1.0.23-5.fc35
0ad-0.0.25b-2.fc36.x86_64 requires libgloox.so.17()(64bit)

Depending on: iodine (2), status change: 2022-01-18 (0 weeks ago)
NetworkManager-iodine (maintained by: danfruehauf)
NetworkManager-iodine-1.2.0-14.fc35.x86_64 requires iodine-client = 0.7.0-18.fc35

plasma-nm (maintained by: kde-sig, rdieter)
plasma-nm-iodine-5.23.90-1.fc36.i686 requires NetworkManager-iodine =
1.2.0-14.fc35
plasma-nm-iodine-5.23.90-1.fc36.x86_64 requires NetworkManager-iodine =
1.2.0-14.fc35

Depending on: perl-File-Inplace (1), status change: 2022-01-18 (0 weeks ago)
publican (maintained by: jfearn, orphan)
publican-4.3.2-22.fc35.noarch requires perl(File::Inplace) = 0.20
publican-4.3.2-22.fc35.src requires perl(File::Inplace) = 0.20

Depending on: perl-HTML-FormatText-WithLinks-AndTables (3), status change:
2022-01-18 (0 weeks ago)
perl-Email-Template (maintained by: eseyman)
perl-Email-Template-0.02-18.fc35.noarch requires
perl(HTML::FormatText::WithLinks::AndTables) = 0.07
perl-Email-Template-0.02-18.fc35.src requires
perl(HTML::FormatText::WithLinks::AndTables) = 0.07

publican (maintained by: jfearn, orphan)
publican-4.3.2-22.fc35.noarch requires
perl(HTML::FormatText::WithLinks::AndTables) = 0.07
publican-4.3.2-22.fc35.src requires
perl(HTML::FormatText::WithLinks::AndTables) = 0.07

rt (maintained by: corsepiu)
rt-4.4.5-4.fc36.noarch requires perl(HTML::FormatText::WithLinks::AndTables)
= 0.07
rt-4.4.5-4.fc36.src requires perl(HTML::FormatText::WithLinks::AndTables) = 0.07

Depending on: perl-IO-Any (2), status change: 2022-01-18 (0 weeks ago)
perl-JSON-Util (maintained by: orphan)
perl-JSON-Util-0.06-18.fc35.noarch requires perl(IO::Any) = 0.09
perl-JSON-Util-0.06-18.fc35.src requires perl(IO::Any) = 0.09

perl-Sys-Path (maintained by: orphan)
perl-Sys-Path-0.16-13.fc35.noarch requires perl(JSON::Util) = 0.06
perl-Sys-Path-0.16-13.fc35.src requires perl(JSON::Util) = 0.06

Depending on: perl-JSON-Util (1), status change: 2022-01-18 (0 weeks ago)
perl-Sys-Path (maintained by: orphan)
perl-Sys-Path-0.16-13.fc35.noarch requires perl(JSON::Util) = 0.06
perl-Sys-Path-0.16-13.fc35.src requires perl(JSON::Util) = 0.06

Depending on: perl-Lingua-EN-Fathom (1), status change: 2022-01-18 (0 weeks ago)
publican (maintained by: jfearn, orphan)
publican-4.3.2-22.fc35.noarch requires perl(Lingua::EN::Fathom) = 1.22
publican-4.3.2-22.fc35.src requires perl(Lingua::EN::Fathom) = 1.22

Depending on: perl-Lingua-EN-Syllable (2), status change: 2022-01-18 (0 weeks ago)
perl-Lingua-EN-Fathom (maintained by: jfearn, orphan)
perl-Lingua-EN-Fathom-1.22-10.fc35.noarch requires perl(Lingua::EN::Syllable)
= 0.30
perl-Lingua-EN-Fathom-1.22-10.fc35.src requires perl(Lingua::EN::Syllable) = 0.30

publican (maintained by: jfearn, orphan)
publican-4.3.2-22.fc35.noarch requires perl(Lingua::EN::Fathom) = 1.22
publican-4.3.2-22.fc35.src requires perl(Lingua::EN::Fathom) = 1.22

Depending on: perl-Locale-Maketext-Gettext (2), status change: 2022-01-18 (0
weeks ago)
perl-Locale-Msgfmt (maintained by: jplesnik, ppisar)
perl-Locale-Msgfmt-0.15-31.fc35.src requires perl(Locale::Maketext::Gettext)
= 1.32

publican (maintained by: jfearn, orphan)
publican-4.3.2-22.fc35.noarch requires perl(Locale::Maketext::Gettext) = 1.32
publican-4.3.2-22.fc35.src requires perl(Locale::Maketext::Gettext) = 1.32,
perl(Locale::Msgfmt) = 0.15

Depending on: perl-String-Similarity (1), status change: 2022-01-21 (0 weeks ago)
publican (maintained by: jfearn, orphan)
publican-4.3.2-22.fc35.noarch requires perl(String::Similarity) = 1.04
publican-4.3.2-22.fc35.src requires perl(String::Similarity) = 1.04

Depending on: perl-Test-Fixme (23), status change: 2022-01-18 (0 weeks ago)
perl-Test-Apocalypse (maintained by: jplesnik, ppisar)
perl-Test-Apocalypse-1.006-22.fc35.noarch requires perl(Test::Fixme) = 0.16,
perl(Test::Pod::No404s) = 0.02
perl-Test-Apocalypse-1.006-22.fc35.src requires perl(Test::Fixme) = 0.16,
perl(Test::Pod::No404s) = 0.02

perl-Test-Pod-No404s (maintained by: jplesnik, ppisar)
perl-Test-Pod-No404s-0.02-28.fc35.src requires perl(Test::Apocalypse) = 1.006

perl-Module-Implementation (maintained by: pghmcfc)
perl-Module-Implementation-0.09-31.fc35.src requires perl(Test::Pod::No404s)
= 0.02

imapsync (maintained by: nb)
imapsync-1.977-3.fc35.src requires perl(Module::Implementation) = 0.09

perl-B-Hooks-EndOfScope (maintained by: jplesnik, mspacek, pghmcfc, ppisar)
perl-B-Hooks-EndOfScope-0.25-1.fc36.noarch requires
perl(Module::Implementation) = 0.09
perl-B-Hooks-EndOfScope-0.25-1.fc36.src requires perl(Module::Implementation)
= 0.09

perl-Class-Load (maintained by: pghmcfc)
perl-Class-Load-0.25-17.fc35.noarch requires perl(Module::Implementation) = 0.09
perl-Class-Load-0.25-17.fc35.src requires perl(Module::Implementation) = 0.09

perl-Class-Load-XS (maintained by: pghmcfc)
perl-Class-Load-XS-0.10-16.fc35.src requires perl(Module::Implementation) = 0.09

perl-List-SomeUtils (maintained by: jplesnik, ppisar)
perl-List-SomeUtils-0.58-7.fc35.noarch requires perl(Module::Implementation)
= 0.09
perl-List-SomeUtils-0.58-7.fc35.src requires perl(Module::Implementation) = 0.09

perl-MaxMind-DB-Reader (maintained by: perl-maint-sig, ppisar)
perl-MaxMind-DB-Reader-1.000014-4.fc35.noarch requires
perl(Module::Implementation) = 0.09
perl-MaxMind-DB-Reader-1.000014-4.fc35.src requires
perl(Module::Implementation) = 0.09

perl-MaxMind-DB-Reader-XS (maintained by: perl-maint-sig, ppisar)
perl-MaxMind-DB-Reader-XS-1.000008-4.fc35.src requires
perl(Module::Implementation) = 0.09

perl-Package-Stash (maintained by: pghmcfc)
perl-Package-Stash-0.39-4.fc35.noarch requires perl(Module::Implementation) =
0.09
perl-Package-Stash-0.39-4.fc35.src requires perl(Module::Implementation) = 0.09

perl-Params-Validate (maintained by: corsepiu, laxathom, pghmcfc, steve)
perl-Params-Validate-1.30-4.fc35.src requires perl(Module::Implementation) = 0.09
perl-Params-Validate-1.30-4.fc35.x86_64 requires perl(Module::Implementation)
= 0.09

perl-B-Hooks-Parser (maintained by: wfp)
perl-B-Hooks-Parser-0.21-9.fc35.src requires perl(B::Hooks::EndOfScope) = 0.25

perl-Catalyst-Runtime (maintained by: eseyman, iarnell, jplesnik, ppisar)
perl-Catalyst-Runtime-5.90126-8.fc35.noarch requires
perl(B::Hooks::EndOfScope) = 0.25

perl-Devel-Declare (maintained by: averi, iarnell, pghmcfc)
perl-Devel-Declare-0.006022-8.fc35.src requires perl(B::Hooks::EndOfScope) = 0.25
perl-Devel-Declare-0.006022-8.fc35.x86_64 requires perl(B::Hooks::EndOfScope)
= 0.25

perl-Devel-Declare-Parser (maintained by: jplesnik, ppisar)
perl-Devel-Declare-Parser-0.020-20.fc35.noarch requires
perl(B::Hooks::EndOfScope) = 0.25
perl-Devel-Declare-Parser-0.020-20.fc35.src requires
perl(B::Hooks::EndOfScope) = 0.25

perl-MooX-Struct (maintained by: eseyman, jplesnik)
perl-MooX-Struct-0.020-6.fc35.noarch requires perl(B::Hooks::EndOfScope) = 0.25
perl-MooX-Struct-0.020-6.fc35.src requires perl(B::Hooks::EndOfScope) = 0.25

perl-MooseX-MarkAsMethods (maintained by: eseyman, jplesnik)
perl-MooseX-MarkAsMethods-0.15-26.fc35.noarch requires
perl(B::Hooks::EndOfScope) = 0.25
perl-MooseX-MarkAsMethods-0.15-26.fc35.src requires
perl(B::Hooks::EndOfScope) = 0.25

perl-MooseX-Method-Signatures (maintained by: eseyman, iarnell, ppisar)
perl-MooseX-Method-Signatures-0.49-18.fc35.noarch requires
perl(B::Hooks::EndOfScope) = 0.25
perl-MooseX-Method-Signatures-0.49-18.fc35.src requires
perl(B::Hooks::EndOfScope) = 0.25

perl-TryCatch (maintained by: jplesnik, ppisar)
perl-TryCatch-1.003002-27.fc35.src requires perl(B::Hooks::EndOfScope) = 0.25
perl-TryCatch-1.003002-27.fc35.x86_64 requires perl(B::Hooks::EndOfScope) = 0.25

perl-namespace-autoclean (maintained by: iarnell, jplesnik, mspacek, pghmcfc,
ppisar)
perl-namespace-autoclean-0.29-9.fc35.noarch requires
perl(B::Hooks::EndOfScope) = 0.25
perl-namespace-autoclean-0.29-9.fc35.src requires perl(B::Hooks::EndOfScope)
= 0.25

perl-namespace-clean (maintained by: jplesnik, mspacek, pghmcfc, ppisar)
perl-namespace-clean-0.27-18.fc35.noarch requires perl(B::Hooks::EndOfScope)
= 0.25
perl-namespace-clean-0.27-18.fc35.src requires perl(B::Hooks::EndOfScope) = 0.25

perl-namespace-sweep (maintained by: corsepiu, perl-sig, xavierb)
perl-namespace-sweep-0.006-15.fc35.noarch requires perl(B::Hooks::EndOfScope)
= 0.25
perl-namespace-sweep-0.006-15.fc35.src requires perl(B::Hooks::EndOfScope) = 0.25

Too many dependencies for perl-Test-Fixme, not all listed here

Depending on: plexus-i18n (21), status change: 2022-01-19 (0 weeks ago)
antlr-maven-plugin (maintained by: lef, spot)
antlr-maven-plugin-2.2-30.fc35.noarch requires
mvn(org.apache.maven.reporting:maven-reporting-impl) = 3.0.0,
mvn(org.codehaus.plexus:plexus-i18n) = 1.0.beta.10
antlr-maven-plugin-2.2-30.fc35.src requires
mvn(org.apache.maven.reporting:maven-reporting-impl) = 3.0.0,
mvn(org.codehaus.plexus:plexus-i18n) = 1.0.beta.10

maven-doxia-sitetools (maintained by: jjames, mizdebsk)
maven-doxia-sitetools-1.9.2-5.fc35.noarch requires
mvn(org.codehaus.plexus:plexus-i18n) = 1.0.beta.10
maven-doxia-sitetools-1.9.2-5.fc35.src requires
mvn(org.codehaus.plexus:plexus-i18n) = 1.0.beta.10

maven-invoker-plugin (maintained by: korkeala, mizdebsk)
maven-invoker-plugin-3.2.1-6.fc35.noarch requires
mvn(org.apache.maven.doxia:doxia-site-renderer) = 1.9.2,
mvn(org.apache.maven.reporting:maven-reporting-impl) = 3.0.0,
mvn(org.codehaus.plexus:plexus-i18n) = 1.0.beta.10
maven-invoker-plugin-3.2.1-6.fc35.src requires
mvn(org.apache.maven.doxia:doxia-site-renderer) = 1.9.2,
mvn(org.apache.maven.reporting:maven-reporting-impl) = 3.0.0,
mvn(org.codehaus.plexus:plexus-i18n) = 1.0.beta.10

javacc-maven-plugin (maintained by: jjames, mizdebsk)
javacc-maven-plugin-2.6-33.fc35.noarch requires
mvn(org.apache.maven.doxia:doxia-site-renderer) = 1.9.2,
mvn(org.apache.maven.reporting:maven-reporting-impl) = 3.0.0
javacc-maven-plugin-2.6-33.fc35.src requires
mvn(org.apache.maven.doxia:doxia-site-renderer) = 1.9.2,
mvn(org.apache.maven.reporting:maven-reporting-impl) = 3.0.0

maven-reporting-impl (maintained by: jjames, mizdebsk)
maven-reporting-impl-3.0.0-12.fc36.noarch requires
mvn(org.apache.maven.doxia:doxia-decoration-model) = 1.9.2,
mvn(org.apache.maven.doxia:doxia-site-renderer) = 1.9.2
maven-reporting-impl-3.0.0-12.fc36.src requires
mvn(org.apache.maven.doxia:doxia-decoration-model) = 1.9.2,
mvn(org.apache.maven.doxia:doxia-site-renderer) = 1.9.2

clojure-maven-plugin (maintained by: korkeala)
clojure-maven-plugin-1.8.4-4.fc35.src requires
mvn(org.apache.maven.plugins:maven-invoker-plugin) = 3.2.1

maven-scm (maintained by: guidograzioli, jcapik, mizdebsk, msimacek)
maven-scm-1.10.0-11.fc35.src requires
mvn(org.apache.maven.plugins:maven-invoker-plugin) = 3.2.1

mojo-executor (maintained by: jjames)
mojo-executor-2.3.2-1.fc36.src requires
mvn(org.apache.maven.plugins:maven-invoker-plugin) = 3.2.1

xml-maven-plugin (maintained by: ke4qqq, mbooth, mizdebsk)
xml-maven-plugin-1.0.2-9.fc35.src requires
mvn(org.apache.maven.plugins:maven-invoker-plugin) = 3.2.1

jacop (maintained by: pcpa)
jacop-4.8-5.fc36.src requires mvn(org.codehaus.mojo:javacc-maven-plugin) = 2.6

javaparser (maintained by: cdorney, cfu, jmagne, korkeala, mharmsen)
javaparser-3.22.0-1.fc36.src requires
mvn(org.codehaus.mojo:javacc-maven-plugin) = 2.6

clojure-core-specs-alpha (maintained by: korkeala)
clojure-core-specs-alpha-1:0.2.56-2.fc35.src requires
mvn(com.theoryinpractise:clojure-maven-plugin) = 1.8.4,
mvn(org.clojure:spec.alpha) = 0.2.194

clojure-spec-alpha (maintained by: korkeala)
clojure-spec-alpha-1:0.2.194-3.fc35.src requires
mvn(com.theoryinpractise:clojure-maven-plugin) = 1.8.4

buildnumber-maven-plugin (maintained by: jjelen)
buildnumber-maven-plugin-1.3-19.fc35.noarch requires
mvn(org.apache.maven.scm:maven-scm-api) = 1.10.0,
mvn(org.apache.maven.scm:maven-scm-manager-plexus) = 1.10.0,
mvn(org.apache.maven.scm:maven-scm-provider-bazaar) = 1.10.0,
mvn(org.apache.maven.scm:maven-scm-provider-clearcase) = 1.10.0,
mvn(org.apache.maven.scm:maven-scm-provider-cvsexe) = 1.10.0,
mvn(org.apache.maven.scm:maven-scm-provider-gitexe) = 1.10.0,
mvn(org.apache.maven.scm:maven-scm-provider-hg) = 1.10.0,
mvn(org.apache.maven.scm:maven-scm-provider-perforce) = 1.10.0,
mvn(org.apache.maven.scm:maven-scm-provider-starteam) = 1.10.0,
mvn(org.apache.maven.scm:maven-scm-provider-svn-commons) = 1.10.0,
mvn(org.apache.maven.scm:maven-scm-provider-svnexe) = 1.10.0
buildnumber-maven-plugin-1.3-19.fc35.src requires
mvn(org.apache.maven.scm:maven-scm-api) = 1.10.0,
mvn(org.apache.maven.scm:maven-scm-manager-plexus) = 1.10.0,
mvn(org.apache.maven.scm:maven-scm-provider-bazaar) = 1.10.0,
mvn(org.apache.maven.scm:maven-scm-provider-clearcase) = 1.10.0,
mvn(org.apache.maven.scm:maven-scm-provider-cvsexe) = 1.10.0,
mvn(org.apache.maven.scm:maven-scm-provider-gitexe) = 1.10.0,
mvn(org.apache.maven.scm:maven-scm-provider-hg) = 1.10.0,
mvn(org.apache.maven.scm:maven-scm-provider-perforce) = 1.10.0,
mvn(org.apache.maven.scm:maven-scm-provider-starteam) = 1.10.0,
mvn(org.apache.maven.scm:maven-scm-provider-svn-commons) = 1.10.0,
mvn(org.apache.maven.scm:maven-scm-provider-svnexe) = 1.10.0

string-template-maven-plugin (maintained by: jjames)
string-template-maven-plugin-1.1-5.fc36.noarch requires
mvn(org.twdata.maven:mojo-executor) = 2.3.2
string-template-maven-plugin-1.1-5.fc36.src requires
mvn(org.twdata.maven:mojo-executor-maven-plugin) = 2.3.2

fop (maintained by: mizdebsk, peter, ttorling)
fop-2.6-3.fc36.src requires xml-maven-plugin = 1.0.2-9.fc35

mp (maintained by: pcpa, sagitter)
mp-3.1.0-35.20200303git7fd4828.fc36.src requires jacop = 4.8-5.fc36
mp-3.1.0-35.20200303git7fd4828.fc36.x86_64 requires jacop = 4.8-5.fc36

jctools (maintained by: pwouters)
jctools-3.3.0-1.fc35.src requires mvn(com.github.javaparser:javaparser-core)
= 3.22.0

clojure (maintained by: korkeala, kushal, s4504kr, walters)
clojure-1:1.10.3-2.fc35.noarch requires mvn(org.clojure:core.specs.alpha) =
0.2.56, mvn(org.clojure:spec.alpha) = 0.2.194
clojure-1:1.10.3-2.fc35.src requires mvn(org.clojure:core.specs.alpha) =
0.2.56, mvn(org.clojure:spec.alpha) = 0.2.194

jacoco (maintained by: didiksupriadi41, jvanek, kdaniel, lef)
jacoco-0.8.7-3.fc36.src requires
mvn(org.codehaus.mojo:buildnumber-maven-plugin) = 1.3

xmpcore (maintained by: cquad, jjelen)
xmpcore-5.1.2-17.fc35.src requires buildnumber-maven-plugin = 1.3-19.fc35

Too many dependencies for plexus-i18n, not all listed here

Depending on: pstreams-devel (1), status change: 2022-01-18 (0 weeks ago)
pdf2djvu (maintained by: filiperosset)
pdf2djvu-0.9.18.2-2.fc36.src requires pstreams-devel = 1.0.3-4.fc35

Depending on: python-cmigemo (1), status change: 2022-01-18 (0 weeks ago)
percol (maintained by: orphan)
percol-0.1.1-0.22.git.b567f41.fc35.noarch requires python3-cmigemo =
0.1.6-22.fc35, python3.10dist(cmigemo) = 0.1.6
percol-0.1.1-0.22.git.b567f41.fc35.src requires python3-cmigemo = 0.1.6-22.fc35

Depending on: python-pykwalify (2), status change: 2022-01-18 (0 weeks ago)
borgmatic (maintained by: heffer)
borgmatic-1.5.21-1.fc36.noarch requires python3-pykwalify = 1.7.0-12.fc35

cekit (maintained by: goldmann, rnc)
cekit-3.12.0-1.fc36.noarch requires python3-pykwalify = 1.7.0-12.fc35,
python3.10dist(pykwalify) = 1.7
cekit-3.12.0-1.fc36.src requires python3-pykwalify = 1.7.0-12.fc35

Depending on: xmlgraphics-commons (32), status change: 2022-01-18 (0 weeks ago)
batik (maintained by: jvanek, mbooth, mizdebsk)
batik-1.14-3.fc35.noarch requires
mvn(org.apache.xmlgraphics:xmlgraphics-commons) = 2.6
batik-1.14-3.fc35.src requires
mvn(org.apache.xmlgraphics:xmlgraphics-commons) = 2.6
batik-css-1.14-3.fc35.noarch requires
mvn(org.apache.xmlgraphics:xmlgraphics-commons) = 2.6

fop (maintained by: mizdebsk, peter, ttorling)
fop-2.6-3.fc36.noarch requires mvn(org.apache.xmlgraphics:batik-anim) = 1.14,
mvn(org.apache.xmlgraphics:batik-awt-util) = 1.14,
mvn(org.apache.xmlgraphics:batik-bridge) = 1.14,
mvn(org.apache.xmlgraphics:batik-extension) = 1.14,
mvn(org.apache.xmlgraphics:batik-gvt) = 1.14,
mvn(org.apache.xmlgraphics:batik-transcoder) = 1.14,
mvn(org.apache.xmlgraphics:xmlgraphics-commons) = 2.6
fop-2.6-3.fc36.src requires batik = 1.14-3.fc35, xmlgraphics-commons = 2.6-2.fc35

ditaa (maintained by: terjeros)
ditaa-0.10-14.fc35.noarch requires batik = 1.14-3.fc35
ditaa-0.10-14.fc35.src requires batik = 1.14-3.fc35

bibletime (maintained by: cicku, deji, greghellings)
bibletime-3.0.2-1.fc36.src requires fop = 2.6-3.fc36

publican (maintained by: jfearn, orphan)
publican-4.3.2-22.fc35.noarch requires fop = 2.6-3.fc36
publican-4.3.2-22.fc35.src requires fop = 2.6-3.fc36

scons (maintained by: fab, moceap, mskalick, panovotn, s4504kr, sagitter)
scons-4.3.0-2.fc36.src requires fop = 2.6-3.fc36

boswars (maintained by: bruno, jwrdegoede, timn)
boswars-2.7-26.svn160110.fc35.src requires python3-scons = 4.3.0-2.fc36

cantera (maintained by: fuller)
cantera-2.6.0-0.7.a4.fc36.src requires python3-scons = 4.3.0-2.fc36

compat-tolua++ (maintained by: jwrdegoede)
compat-tolua++-1.0.93-16.fc35.src requires python3-scons = 4.3.0-2.fc36

endless-sky (maintained by: linkdupont)
endless-sky-0.9.14-2.fc35.src requires scons = 4.3.0-2.fc36

glob2 (maintained by: bruno, cheese)
glob2-0.9.4.4-57.fc35.src requires python3-scons = 4.3.0-2.fc36

godot (maintained by: akien)
godot-3.3.3-2.fc36.src requires python3-scons = 4.3.0-2.fc36

gpsd (maintained by: fab, mlichvar, tdawson, ttorling)
gpsd-1:3.23.1-1.fc36.src requires python3-scons = 4.3.0-2.fc36

lcdtest (maintained by: brouhaha)
lcdtest-1.18-27.fc35.src requires scons = 4.3.0-2.fc36

libffado (maintained by: nphilipp)
libffado-2.4.4-5.fc35.src requires python3-scons = 4.3.0-2.fc36

libnxt (maintained by: dwrobel)
libnxt-0.3-26.fc35.src requires scons = 4.3.0-2.fc36

libserf (maintained by: cicku, jorton, tkorbar)
libserf-1.3.9-22.fc36.src requires python3-scons = 4.3.0-2.fc36

mapnik (maintained by: alexlan, tomh)
mapnik-3.1.0-14.fc36.src requires scons = 4.3.0-2.fc36

mingw-nsis (maintained by: lef, rjones, smani, teuf)
mingw-nsis-3.08-1.fc36.src requires python3-scons = 4.3.0-2.fc36

minicomputer (maintained by: verdurin)
minicomputer-1.41-31.fc35.src requires /usr/bin/scons

mypaint (maintained by: avsej)
mypaint-2.0.1-4.fc35.src requires python3-scons = 4.3.0-2.fc36

netpanzer (maintained by: laxathom, limb)
netpanzer-0.8.7-18.fc35.src requires python3-scons = 4.3.0-2.fc36

pingus (maintained by: limb)
pingus-0.7.6-39.fc35.src requires python3-scons = 4.3.0-2.fc36

rmlint (maintained by: eclipseo)
rmlint-2.10.1-6.fc35.src requires scons = 4.3.0-2.fc36

sagemath (maintained by: pcpa)
sagemath-9.4-2.fc36.src requires python3dist(scons) = 4.3

sar2 (maintained by: spot)
sar2-2.5.0-4.fc35.src requires scons = 4.3.0-2.fc36

sunpinyin (maintained by: cicku, fujiwara, helloworld1, liangsuilong, pwu)
sunpinyin-3.0.0-0.6.20190805git.fc35.src requires python3-scons = 4.3.0-2.fc36

tolua++ (maintained by: jwrdegoede, moceap)
tolua++-1.0.93-32.fc35.src requires python3-scons = 4.3.0-2.fc36

v8-314 (maintained by: lkundrak)
v8-314-3.14.5.10-26.fc35.src requires scons = 4.3.0-2.fc36

vdrift (maintained by: limb, rmattes)
vdrift-20141020-25.git5ae309f.fc35.src requires python3-scons = 4.3.0-2.fc36

wesnoth (maintained by: bruno, limb, pwalter)
wesnoth-1.17.0-1.fc36.src requires python3-scons = 4.3.0-2.fc36

zfs-fuse (maintained by: limb)
zfs-fuse-0.7.2.2-21.fc36.src requires scons = 4.3.0-2.fc36

Too many dependencies for xmlgraphics-commons, not all listed here

See dependency chains of your packages at
https://packager-dashboard.fedoraproject.org/
See all orphaned packages at https://packager-dashboard.fedoraproject.org/orphan

Affected (co)maintainers (either directly or via packages' dependencies):
aarem: slim
akien: xmlgraphics-commons
alexlan: xmlgraphics-commons
astro-sig: siril
averi: perl-Test-Fixme
avsej: xmlgraphics-commons
brouhaha: xmlgraphics-commons
bruno: xmlgraphics-commons, gloox
cdorney: plexus-i18n
cfu: plexus-i18n
cheese: xmlgraphics-commons
chkr: uml_utilities
cicku: xmlgraphics-commons, gloox
corsepiu: perl-HTML-FormatText-WithLinks-AndTables, perl-Test-Fixme
cquad: plexus-i18n
danfruehauf: iodine
davidsch: gloox
deji: xmlgraphics-commons
didiksupriadi41: plexus-i18n
dwrobel: xmlgraphics-commons
eclipseo: xmlgraphics-commons
eseyman: perl-HTML-FormatText-WithLinks-AndTables, perl-Test-Fixme
fab: xmlgraphics-commons
filiperosset: pstreams-devel
fjanus: kea
fujiwara: xmlgraphics-commons
fuller: xmlgraphics-commons
goldmann: python-pykwalify
greghellings: xmlgraphics-commons
guidograzioli: plexus-i18n
heffer: python-pykwalify
helloworld1: xmlgraphics-commons
iarnell: perl-Test-Fixme
ignatenkobrain: gloox, python-jenkins-job-builder
jcapik: plexus-i18n
jfearn: xmlgraphics-commons, publican, perl-String-Similarity,
perl-HTML-FormatText-WithLinks-AndTables, perl-Locale-Maketext-Gettext,
perl-File-Inplace, perl-Lingua-EN-Syllable, perl-Lingua-EN-Fathom
jjames: plexus-i18n
jjelen: plexus-i18n
jmagne: plexus-i18n
jonny: python-btchip
jorton: xmlgraphics-commons
jplesnik: perl-Locale-Maketext-Gettext, perl-Test-Fixme
jvanek: plexus-i18n, xmlgraphics-commons
jwakely: pstreams-devel
jwrdegoede: xmlgraphics-commons
kdaniel: plexus-i18n
kde-sig: iodine
ke4qqq: plexus-i18n
kni: pmount
korkeala: plexus-i18n
ktdreyer: python-jenkins-job-builder
kushal: plexus-i18n
laxathom: xmlgraphics-commons, perl-Test-Fixme
lcons: perl-String-Similarity
lef: plexus-i18n, xmlgraphics-commons
liangsuilong: xmlgraphics-commons
limb: fotoxx, xmlgraphics-commons
linkdupont: xmlgraphics-commons
lkundrak: xmlgraphics-commons, siril
lupinix: siril
lystor: iodine
mbooth: plexus-i18n, xmlgraphics-commons
mharmsen: plexus-i18n
mizdebsk: plexus-i18n, xmlgraphics-commons
mlichvar: xmlgraphics-commons
moceap: xmlgraphics-commons
msimacek: plexus-i18n
mskalick: xmlgraphics-commons
mspacek: perl-Test-Fixme
nb: perl-Test-Fixme
ngompa: pacmanager
nodejs-sig: nodejs-svgo
nphilipp: xmlgraphics-commons
pabelanger: python-jenkins-job-builder
panovotn: xmlgraphics-commons
pcpa: plexus-i18n, xmlgraphics-commons
perl-maint-sig: perl-Test-Fixme
perl-sig: perl-Test-Fixme
peter: plexus-i18n, xmlgraphics-commons
pghmcfc: perl-Test-Fixme
ppisar: perl-Locale-Maketext-Gettext, perl-Test-Fixme
pwalter: xmlgraphics-commons, gloox
pwouters: plexus-i18n
pwu: xmlgraphics-commons
rdieter: iodine
rjones: xmlgraphics-commons
rmattes: xmlgraphics-commons
rnc: python-pykwalify
s4504kr: plexus-i18n, xmlgraphics-commons
sagitter: plexus-i18n, xmlgraphics-commons
smani: xmlgraphics-commons
spot: plexus-i18n, xmlgraphics-commons
steve: perl-Test-Fixme
tdawson: xmlgraphics-commons
terjeros: xmlgraphics-commons
teuf: xmlgraphics-commons
timn: xmlgraphics-commons
tkorbar: xmlgraphics-commons
tomh: xmlgraphics-commons
ttorling: plexus-i18n, xmlgraphics-commons
verdurin: xmlgraphics-commons
villadalmine: trickle
walters: plexus-i18n
wfp: perl-Test-Fixme
wolfy: trickle, mysqlreport
xavierb: perl-Test-Fixme
zdohnal: kea

--
The script creating this output is run and developed by Fedora
Release Engineering. Please report issues at its pagure instance:
https://pagure.io/releng/
The sources of this script can be found at:
https://pagure.io/releng/blob/main/f/scripts/find_unblocked_orphans.py
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

[USN-5250-1] strongSwan vulnerability

==========================================================================
Ubuntu Security Notice USN-5250-1
January 24, 2022

strongswan vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

strongSwan could crash or allow unintended access to network services.

Software Description:
- strongswan: IPsec VPN solution

Details:

Zhuowei Zhang discovered that strongSwan incorrectly handled EAP
authentication. A remote attacker could use this issue to cause strongSwan
to crash, resulting in a denial of service, or possibly bypass client and
server authentication.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
libstrongswan 5.9.1-1ubuntu3.2
strongswan 5.9.1-1ubuntu3.2

Ubuntu 20.04 LTS:
libstrongswan 5.8.2-1ubuntu3.4
strongswan 5.8.2-1ubuntu3.4

Ubuntu 18.04 LTS:
libstrongswan 5.6.2-1ubuntu2.8
strongswan 5.6.2-1ubuntu2.8

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5250-1
CVE-2021-45079

Package Information:
https://launchpad.net/ubuntu/+source/strongswan/5.9.1-1ubuntu3.2
https://launchpad.net/ubuntu/+source/strongswan/5.8.2-1ubuntu3.4
https://launchpad.net/ubuntu/+source/strongswan/5.6.2-1ubuntu2.8

[USN-5243-2] AIDE vulnerability

==========================================================================
Ubuntu Security Notice USN-5243-2
January 20, 2022

aide vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

AIDE could be made to crash or run programs as an administrator if it
opened a specially crafted file.

Software Description:
- aide: Advanced Intrusion Detection Environment - static binary

Details:

USN-5243-1 fixed a vulnerability in aide. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.


Original advisory details:

David Bouman discovered that AIDE incorrectly handled base64 operations. A
local attacker could use this issue to cause AIDE to crash, resulting in a
denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
aide 0.16~a2.git20130520-3ubuntu0.1~esm1

Ubuntu 14.04 ESM:
aide 0.16~a2.git20130520-2ubuntu0.1+esm1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5243-2
https://ubuntu.com/security/notices/USN-5243-1
CVE-2021-45417

Planned Outage - bodhi.fedoraproject.org - 2022-01-26 12:00 UTC

There will be a partial outage starting on Wednesday at 2022-01-26 12:00 UTC
which will last approximately 2 hours.

To convert UTC to your local time, take a look at
http://fedoraproject.org/wiki/Infrastructure/UTCHowto
or run:

date -d '2022-01-26 12:00 UTC'

Reason for outage:

Bodhi will be properly upgraded to 5.7.4 - the code changes are
reasonably small and shouldn't pose much impact. As part of this we
will be changing some of the deployment configuration to help with
problems like https://github.com/fedora-infra/bodhi/issues/4344

Affected Services:

bodhi / updates.fedoraproject.org may be down or unresponsive during
the upgrade window

Ticket Link:

https://pagure.io/fedora-infrastructure/issue/10494

Please join #fedora-admin or #fedora-noc on libera.chat
or add comments to the ticket for this outage above.

Sunday, January 23, 2022

OpenBSD Errata: January 24, 2022 (ppctrap)

Errata patches for macppc kernel trap handler have been released
for OpenBSD 6.9 and 7.0.

Source code patches can be found on the respective errata page:

https://www.openbsd.org/errata69.html
https://www.openbsd.org/errata70.html

Friday, January 21, 2022

F37 Change: Python Dist RPM provides to only provide PEP503-normalized names (Self-Contained Change proposal)

https://fedoraproject.org/wiki/Changes/PythonDistPEP503ProvidesOnly

== Summary ==
The legacy `python3dist(NAME)` and `python3.11dist(NAME)` RPM provides
with dots (`.`) in `NAME` will no longer be automatically provided.
`NAME` will only be normalized according to
[https://www.python.org/dev/peps/pep-0503/#normalized-names PEP 503].
E.g. on Fedora 36 a package provides both `python3dist(ruamel-yaml)`
and `python3dist(ruamel.yaml)`, on Fedora 37+ it will only provide
`python3dist(ruamel-yaml)` (and similarly,
`python3.11dist(ruamel-yaml)`).

== Owner ==
* Name: [[User:Churchyard|Miro Hrončok]]
* Email: mhroncok@redhat.com


== Detailed Description ==
This change is only about automatic RPM provides in the following forms:

* `python3dist(NAME)`
* `python3.Xdist(NAME)`


It does not affect any other provides or package names.

Historically, Python package names were normalized by the RPM
dependency generators in a way that diverged from upstream behavior.
In upstream (e.g. when using `pip`) a package name with a dot is equal
to a package name with a dash (e.g. `pip install ruamel.yaml` and `pip
install ruamel-yaml` are equivalent). In Fedora, the ''Provides'' and
''Requires'' included the dot, but upstream rules defined in
[https://www.python.org/dev/peps/pep-0503/#normalized-names PEP 503]
demand the dot to be replaced by a dash. This caused trouble when
other packages required the packages via a name with a dash. Hence, we
have slowly been migrating to PEP 503 name normalization.

* Since Fedora 32, Python dependency generators have generated both
variants of the ''Provides'' as a preparation for the transition to
PEP 503-only.
* Since Fedora 33, Python dependency generators have generated
''Requires'' in the PEP 503 form (no dots).
* Only packages with manual ''BuildRequires'', ''Requires'',
''Recommends'' etc. with requirements such as `python3dist(foo.bar)`
would be affected by this change. We have fixed all of them in Fedora
36.


Hence, together with [[Changes/Python3.11|the update to Python3.11]],
we will disable the legacy form of the provides.

Python packages with dots in their name will only provide the names with dashes.
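
The dot-to-dash rule described above, as an added example that is not part of the proposal or of Fedora's dependency generators: Python code that finds manual `python3dist(...)` requirements in spec text and reports their PEP 503 form. It applies the full PEP 503 rule (which also folds underscores and case); the tag list, function names and sample spec are assumptions constructed for illustration.

```python
import re

# Forms named above: python3dist(NAME), python3.Xdist(NAME), optional [extra].
DIST_RE = re.compile(
    r"\b(?P<prefix>python3(?:\.\d+)?dist)\("
    r"(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)(?P<extra>\[[^\]\s]+\])?\)"
)
# Spec tags that can carry a manual dependency (assumed list, extend as needed).
TAG_RE = re.compile(
    r"^\s*(?:BuildRequires|Requires(?:\([^)]*\))?|Recommends|Suggests"
    r"|Supplements|Enhances)\s*:", re.IGNORECASE)

# Constructed sample spec fragment, not taken from any real package.
SAMPLE_SPEC = """\
Name:           python-example
BuildRequires:  python3dist(ruamel.yaml) >= 0.16
Requires:       python3dist(jaraco.path)
Requires:       python3.11dist(zope.interface[test])
Requires:       python3dist(requests)
# python3dist(foo.bar) in a comment is not a dependency
Recommends:     (python3dist(backports.zoneinfo) if python3 < 3.9)
"""

def pep503_normalize(name):
    """PEP 503: collapse runs of '-', '_' and '.' into one '-', then lowercase."""
    return re.sub(r"[-_.]+", "-", name).lower()

def rewrite_line(line):
    """Return (line with normalized dist names, list of (old, new) pairs)."""
    changes = []
    def fix(m):
        new = f"{m['prefix']}({pep503_normalize(m['name'])}{m['extra'] or ''})"
        if new != m[0]:
            changes.append((m[0], new))
        return new

    return DIST_RE.sub(fix, line), changes

def audit_spec(text):
    """Return (line number, legacy form, PEP 503 form) for dependency tags."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if TAG_RE.match(line):
            findings.extend((lineno, o, n) for o, n in rewrite_line(line)[1])
    return findings

if __name__ == "__main__":
    for lineno, old, new in audit_spec(SAMPLE_SPEC):
        print(f"line {lineno}: {old} -> {new}")
```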

=== RHEL/EPEL compatibility ===

This change is fully compatible with RHEL/EPEL 9, which behaves like
Fedora 34 and hence has ''Provides'' in both forms but ''Requires'' in
the PEP 503 form (no dots).

This change is not compatible with RHEL/EPEL 8. If you need to have
manual requirements in the specfile that should work on Fedora 37+ and
RHEL/EPEL 8 in this form and the name includes a dot, we recommend
using [https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/#py3_dist `%py3_dist`].

This change is not relevant to RHEL 7.

This change is not compatible with EPEL 7. If you need to have manual
requirements in the specfile that should work on Fedora 37+ and
RHEL/EPEL 7 in this form and the name includes a dot, we recommend
using [https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/#py3_dist `%py3_dist`].


== Benefit to Fedora ==
* Fewer automatic provides in the repos - there are 93+93=186 provides
like `python3dist(x.y)` and `python3.Xdist(x.y)` in rawhide today.
* There will be only one way to express a Python package name in this
context, not two.
* One more thing the Python maintainers will cross off their TODO list.

== Scope ==
* Proposal owners:
# check there are really no more manual requirements with dots
# disable the automatically generated provides with dots when we
update to Python 3.11
# double-check there are really no more manual requirements with dots

* Other developers:
** stop adding new manual Python dist requirements with dots
* Release engineering: not needed for this Change
* Policies and guidelines: they already only cover PEP 503
* Trademark approval: not needed for this Change
* Alignment with Objectives: not really


== Upgrade/compatibility impact ==
This is done together with the Python 3.11 update to not have to deal
with little problems, such as packages that can't be rebuilt after the
manual requirements were changed.

== How To Test ==
The following 2 commands should yield nothing:

$ repoquery --repo=rawhide --provides | grep -E '^python3(\.[[:digit:]]+)?dist\(\S+\.\S+\)'
$ repoquery --repo=rawhide --requires | grep -E '^python3(\.[[:digit:]]+)?dist\(\S+\.\S+\)'

With the exception of packages that failed to rebuild with Python 3.11
(and those will need to be dealt with anyway one way or another).


The following example commands should only give the variant with dashes:

$ repoquery --repo=rawhide --provides python3-ruamel-yaml | grep -E '^python3(\.[[:digit:]]+)?dist\('
$ repoquery --repo=rawhide --provides python3-jaraco-path | grep -E '^python3(\.[[:digit:]]+)?dist\('

There should be no new broken dependencies because of this.

Note that wiki is eating my double `[]` in the regexes above around
`:digit:`. See the page source for the actual commands :(

== User Experience ==
The actual users should notice no difference.

== Dependencies ==
We need [[Changes/Python3.11]] to happen together with this.

== Contingency Plan ==
* Contingency mechanism: the change owners will revert the change and
the mass rebuild will handle the packages that need the legacy form of
the provides
* Contingency deadline: mass rebuild
* Blocks release? No

== Documentation ==
N/A (not a System Wide Change)

--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis

[arch-announce] linux-firmware 20220119.0c6a7b3-2 requires kernel >=5.3 and package splitting

The linux-firmware package 20220119.0c6a7b3-2 implements kernel
firmware compression. Linux kernels from 5.3 on support loading
xz-compressed firmware.
The CONFIG_FW_LOADER_COMPRESS kernel option must be enabled. All official Arch Linux kernels have supported this for a long time. [1]

The linux-firmware package has been split into smaller packages to
further reduce required disk space. Some big firmware files of
rarely used hardware have been split into separate packages.
This affects firmware for Mellanox Spectrum switches, Marvell devices,
Qualcomm SoCs, Cavium LiquidIO server adapters, QLogic devices, and
Broadcom NetXtreme II 10Gb ethernet adapters.
Make sure to install additional firmware packages if needed. [2]


[1] [FS#72899](https://bugs.archlinux.org/task/72899)
[2] [FS#72559](https://bugs.archlinux.org/task/72559) +
[svn commit](https://github.com/archlinux/svntogit-packages/commit/a12e069d0cae39a87f003beab9a97f7211abcac2.patch)

URL: https://archlinux.org/news/linux-firmware-202201190c6a7b3-2-requires-kernel-53-and-package-splitting/
_______________________________________________
arch-announce mailing list
arch-announce@lists.archlinux.org
https://lists.archlinux.org/listinfo/arch-announce

[USN-5248-1] Thunderbird vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5248-1
January 21, 2022

thunderbird vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Thunderbird.

Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, trick a user into accepting unwanted
permissions, conduct header splitting attacks, conduct spoofing attacks,
bypass security restrictions, confuse the user, or execute arbitrary code.
(CVE-2021-4129, CVE-2021-4140, CVE-2021-29981, CVE-2021-29982,
CVE-2021-29987, CVE-2021-29991, CVE-2021-38495, CVE-2021-38496,
CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501,
CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507,
CVE-2021-38508, CVE-2021-38509, CVE-2021-43534, CVE-2021-43535,
CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539,
CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545,
CVE-2021-43656, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739,
CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743,
CVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751)

It was discovered that Thunderbird ignored the configuration to require
STARTTLS for an SMTP connection. A person-in-the-middle could potentially
exploit this to perform a downgrade attack in order to intercept messages
or take control of a session. (CVE-2021-38502)

It was discovered that JavaScript was unexpectedly enabled in the
composition area. An attacker could potentially exploit this in
combination with another vulnerability, with unspecified impacts.
(CVE-2021-43528)

A buffer overflow was discovered in the Matrix chat library bundled with
Thunderbird. An attacker could potentially exploit this to cause a denial
of service, or execute arbitrary code. (CVE-2021-44538)

It was discovered that Thunderbird's OpenPGP integration only considered
the inner signed message when checking signature validity in a message
that contains an additional outer MIME layer. An attacker could
potentially exploit this to trick the user into thinking that a message
has a valid signature. (CVE-2021-4126)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
thunderbird 1:91.5.0+build1-0ubuntu0.20.04.1

Ubuntu 18.04 LTS:
thunderbird 1:91.5.0+build1-0ubuntu0.18.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5248-1
CVE-2021-29981, CVE-2021-29982, CVE-2021-29987, CVE-2021-29991,
CVE-2021-38495, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498,
CVE-2021-38500, CVE-2021-38501, CVE-2021-38502, CVE-2021-38503,
CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508,
CVE-2021-38509, CVE-2021-4126, CVE-2021-4129, CVE-2021-4140,
CVE-2021-43528, CVE-2021-43534, CVE-2021-43535, CVE-2021-43536,
CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541,
CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43546,
CVE-2021-44538, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739,
CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743,
CVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751

Package Information:

https://launchpad.net/ubuntu/+source/thunderbird/1:91.5.0+build1-0ubuntu0.20.04.1

https://launchpad.net/ubuntu/+source/thunderbird/1:91.5.0+build1-0ubuntu0.18.04.1