https://bugzilla.redhat.com/show_bug.cgi?id=2127348
--- Doc Text *updated* by RaTasha Tillery-Smith <rtillery(a)redhat.com> ---
A flaw was found in the thenify package. Users can control the name argument provided to the package without any sanitization, and this is provided to the eval function without any sanitization, which leads to arbitrary code execution.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2124370
Jerry James <loganjerry(a)gmail.com> changed:
What  |Removed                                                  |Added
----------------------------------------------------------------------------
Flags |needinfo?(epel-packagers-sig(a)lists.fedoraproject.org) |
--- Comment #6 from Jerry James <loganjerry(a)gmail.com> ---
Not sure where that needinfo flag came from. I'll see if I can clear it....
--
https://bugzilla.redhat.com/show_bug.cgi?id=2124370
Jerry James <loganjerry(a)gmail.com> changed:
What  |Removed |Added
----------------------------------------------------------------------------
Flags |        |needinfo?(epel-packagers-sig(a)lists.fedoraproject.org)
CC    |        |epel-packagers-sig(a)lists.fedoraproject.org
--- Comment #5 from Jerry James <loganjerry(a)gmail.com> ---
I have added @epel-packagers-sig@lists.fedoraproject.org as a collaborator with
access to all epel* branches. I'll take responsibility if the primary
maintainer is not happy with this action.
--
Product: Fedora EPEL
Version: epel9
Component: glpk
Jerry James <loganjerry(a)gmail.com> has asked EPEL Packagers SIG
<epel-packagers-sig(a)lists.fedoraproject.org> for needinfo:
Bug 2124370: request epel 9 branch for glpk
https://bugzilla.redhat.com/show_bug.cgi?id=2124370
https://bugzilla.redhat.com/show_bug.cgi?id=2127458
Bug ID: 2127458
Summary: bear: FTBFS in Fedora Rawhide
Product: Fedora
Version: rawhide
URL: https://koschei.fedoraproject.org/package/bear
Status: NEW
Component: bear
Assignee: dan.cermak(a)cgc-instruments.com
Reporter: code(a)musicinmybrain.net
QA Contact: extras-qa(a)fedoraproject.org
CC: code(a)musicinmybrain.net,
dan.cermak(a)cgc-instruments.com,
epel-packagers-sig(a)lists.fedoraproject.org,
mgansser(a)netcom-mail.de, thofmann(a)fedoraproject.org
Target Milestone: ---
Classification: Fedora
Description of problem:
Package bear fails to build from source in Fedora Rawhide.
Version-Release number of selected component (if applicable):
3.0.20-2.fc38
Steps to Reproduce:
koji build --scratch f38 bear-3.0.20-2.fc38.src.rpm
Additional info:
This package is tracked by Koschei. See:
https://koschei.fedoraproject.org/package/bear
-----
Koschei hasn’t had a failing rebuild yet, but this is reproducible with any
scratch build, e.g.:
https://koji.fedoraproject.org/koji/taskinfo?taskID=92075476
The stack traces point into grpc routines, so it’s possible that this is
actually a grpc bug. It seems like it might be related to the update from grpc
1.48.0 to 1.48.1; I did not do impact/regression testing for that since it was
only a patch release. The failures are only on s390x. (I have always had to
skip a lot of undiagnosed test failures for grpc on s390x.)
It may be that it is worth setting this bug to block F-ExcludeArch-s390x and
adding ExcludeArch: s390x to the bear spec file. Since bear is a leaf package,
this would not have much impact. Or, maybe you prefer to skip the affected
test(s).
What do you think?
--
https://bugzilla.redhat.com/show_bug.cgi?id=2127352
Bug ID: 2127352
Summary: python-matplotlib-3.6.0 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: python-matplotlib
Keywords: FutureFeature, Triaged
Assignee: quantum.analyst(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
gwync(a)protonmail.com, jonathan.underwood(a)gmail.com,
paulo.cesar.pereira.de.andrade(a)gmail.com,
python-sig(a)lists.fedoraproject.org,
quantum.analyst(a)gmail.com, thibault(a)north.li,
tomspur(a)fedoraproject.org
Target Milestone: ---
Classification: Fedora
Releases retrieved: 3.6.0
Upstream release that is considered latest: 3.6.0
Current version/release in rawhide: 3.6.0~rc2-1.fc38
URL: https://pypi.python.org/pypi/matplotlib
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/3919/
To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/python-matplotlib
--
https://bugzilla.redhat.com/show_bug.cgi?id=2127348
--- Doc Text *updated* by Avinash Hanwate <ahanwate(a)redhat.com> ---
A flaw was found in the thenify package. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization which leads to Arbitrary Code Execution.
--