https://bugzilla.redhat.com/show_bug.cgi?id=2057214
Bug ID: 2057214
Summary: python-flit-3.7.0 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: python-flit
Keywords: FutureFeature, Triaged
Assignee: mhroncok(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
mhroncok(a)redhat.com, michel(a)michel-slm.name,
python-sig(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
Latest upstream release: 3.7.0
Current version/release in rawhide: 3.5.1-2.fc36
URL: https://flit.readthedocs.io/en/latest/
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/12061/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2057214
https://bugzilla.redhat.com/show_bug.cgi?id=2058883
Bug ID: 2058883
Summary: python-libtmux-0.11.0b0 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: python-libtmux
Keywords: FutureFeature, Triaged
Assignee: mail(a)fabian-affolter.ch
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: dcavalca(a)fb.com,
epel-packagers-sig(a)lists.fedoraproject.org,
mail(a)fabian-affolter.ch
Target Milestone: ---
Classification: Fedora
Latest upstream release: 0.11.0b0
Current version/release in rawhide: 0.10.3-1.fc37
URL: https://pypi.python.org/pypi/libtmux
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/13040/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2058883
https://bugzilla.redhat.com/show_bug.cgi?id=2042527
Bug ID: 2042527
Summary: CVE-2022-22817 python-pillow: PIL.ImageMath.eval
allows evaluation of arbitrary expressions
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: bdettelb(a)redhat.com, cstratak(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, miminar(a)redhat.com,
orion(a)nwra.com, python-maint(a)redhat.com,
python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com
Target Milestone: ---
Classification: Other
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary
expressions, such as ones that use the Python exec method.
Reference:
https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-bu…
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2042527
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
Bug ID: 2042522
Summary: CVE-2022-22816 python-pillow: buffer over-read during
initialization of ImagePath.Path in path_getbbox() in
path.c
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: bdettelb(a)redhat.com, cstratak(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, miminar(a)redhat.com,
orion(a)nwra.com, python-maint(a)redhat.com,
python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com
Target Milestone: ---
Classification: Other
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during
initialization of ImagePath.Path.
References:
https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1da…https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-image…
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
https://bugzilla.redhat.com/show_bug.cgi?id=2059360
Bug ID: 2059360
Summary: yarnpkg for fedora 35 installs binary
'/usr/bin/%{fc_name}'
Product: Fedora
Version: 35
Status: NEW
Component: yarnpkg
Assignee: zsvetlik(a)redhat.com
Reporter: martin.kuehl(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
ngompa13(a)gmail.com, zsvetlik(a)redhat.com
Target Milestone: ---
Classification: Fedora
Description of problem:
the current yarnpkg rpm installs a binary at the path '/usr/bin/%{fc_name}'
this is also visible at:
https://packages.fedoraproject.org/pkgs/yarnpkg/yarnpkg/fedora-35.html#files
Version-Release number of selected component (if applicable):
yarnpkg-1.22.10-3.fc35
How reproducible:
always
Steps to Reproduce:
1. dnf repoquery --list yarnpkg | grep /usr/bin
or look at
https://packages.fedoraproject.org/pkgs/yarnpkg/yarnpkg/fedora-35.html#files
Actual results:
/usr/bin/%{fc_name}
/usr/bin/yarn
/usr/bin/yarnpkg
Expected results:
judging by the package for fedora 36:
/usr/bin/nodejs-yarn
/usr/bin/yarn
/usr/bin/yarnpkg
Additional info:
if i remember correctly that's rpm spec template syntax so there might be some
stray escaping or something?
it's also apparently fixed for f36 so backporting that package would be just
fine.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2059360
https://bugzilla.redhat.com/show_bug.cgi?id=2057217
Bug ID: 2057217
Summary: libdwarf-0.3.3 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: libdwarf
Assignee: tom(a)compton.nu
Reporter: michel(a)michel-slm.name
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
jitesh.1337(a)gmail.com, michel(a)michel-slm.name,
orion(a)nwra.com, tom(a)compton.nu
Target Milestone: ---
Classification: Fedora
Filing this manually, as release monitoring is broken since libdwarf went
semver (all the new versions are still showing as older than the old YYYYMMDD).
I've updated the regex and filed
https://github.com/fedora-infra/anitya/issues/1307 to request old versions to
be purged.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2057217
https://bugzilla.redhat.com/show_bug.cgi?id=2054370
Bug ID: 2054370
Summary: python-stack-data-0.2.0 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: python-stack-data
Keywords: FutureFeature, Triaged
Assignee: lbalhar(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
lbalhar(a)redhat.com, michel(a)michel-slm.name
Target Milestone: ---
Classification: Fedora
Latest upstream release: 0.2.0
Current version/release in rawhide: 0.1.4-2.fc36
URL: https://pypi.org/project/stack-data/0.0.7
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/90020/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2054370
https://bugzilla.redhat.com/show_bug.cgi?id=2050264
Bug ID: 2050264
Summary: pyelftools-0.28 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: pyelftools
Keywords: FutureFeature, Triaged
Assignee: dominik(a)greysector.net
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: besser82(a)fedoraproject.org, dcavalca(a)fb.com,
dominik(a)greysector.net,
epel-packagers-sig(a)lists.fedoraproject.org,
mail(a)kushaldas.in, moez.roy(a)gmail.com,
terjeros(a)phys.ntnu.no
Target Milestone: ---
Classification: Fedora
Latest upstream release: 0.28
Current version/release in rawhide: 0.27-6.fc36
URL: https://pypi.python.org/pypi/pyelftools
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/16219/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2050264
https://bugzilla.redhat.com/show_bug.cgi?id=2048817
Bug ID: 2048817
Summary: Branch and build proxychains-ng for EPEL 9
Product: Fedora EPEL
Version: epel9
Status: NEW
Component: proxychains-ng
Assignee: michel(a)michel-slm.name
Reporter: michel(a)michel-slm.name
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
michel(a)michel-slm.name, mtasaka(a)tbz.t-com.ne.jp,
pranav913(a)gmail.com
Target Milestone: ---
Classification: Fedora
Because why not
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2048817
https://bugzilla.redhat.com/show_bug.cgi?id=2044459
Bug ID: 2044459
Summary: proxychains-ng-4.16 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: proxychains-ng
Keywords: FutureFeature, Triaged
Assignee: pranav913(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
michel(a)michel-slm.name, mtasaka(a)tbz.t-com.ne.jp,
pranav913(a)gmail.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 4.16
Current version/release in rawhide: 4.15-1.fc35
URL: https://github.com/rofl0r/proxychains-ng
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/6499/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2044459