
Fedora 35: 2022-8f968eea82 Moderate: Phoronix-Test-Suite CSRF and XSS

fedora
February 9, 2022
Security fixes for Phoronix-Test-Suite on Fedora 35 addressing multiple vulnerabilities, including CSRF and XSS.
Security fix for: - CVE-2022-0157 - CVE-2022-0196 - CVE-2022-0197 - CVE-2022-0238

Summary

The Phoronix Test Suite is the most comprehensive testing and benchmarking platform available for the Linux operating system. This software is designed to effectively carry out both qualitative and quantitative benchmarks in a clean, reproducible, and easy-to-use manner. The Phoronix Test Suite consists of a lightweight processing core (pts-core) with each benchmark consisting of an XML-based profile with related resource scripts. The process from the benchmark installation, to the actual benchmarking, to the parsing of important hardware and software components is heavily automated and completely repeatable, asking users only for confirmation of actions.


* Tue Feb 1 2022 Michel Alexandre Salim 10.8.1-1

- Update to 10.8.1

* Fri Jan 21 2022 Fedora Release Engineering 10.6.1-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild

[ 1 ] Bug #2039837 - CVE-2022-0157 phoronix-test-suite: stored xss in group name [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2039837

[ 2 ] Bug #2039838 - CVE-2022-0157 phoronix-test-suite: stored xss in group name [epel-7]

https://bugzilla.redhat.com/show_bug.cgi?id=2039838

[ 3 ] Bug #2043434 - CVE-2022-0196 phoronix-test-suite: phoronix-test-suite vulnerable to Cross-Site Request Forgery (CSRF) [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2043434

[ 4 ] Bug #2043435 - CVE-2022-0196 phoronix-test-suite: phoronix-test-suite vulnerable to Cross-Site Request Forgery (CSRF) [epel-7]

https://bugzilla.redhat.com/show_bug.cgi?id=2043435

[ 5 ] Bug #2043442 - CVE-2022-0197 phoronix-test-suite: phoronix-test-suite vulnerable to Cross-Site Request Forgery (CSRF) [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2043442

[ 6 ] Bug #2043443 - CVE-2022-0197 phoronix-test-suite: phoronix-test-suite vulnerable to Cross-Site Request Forgery (CSRF) [epel-7]

https://bugzilla.redhat.com/show_bug.cgi?id=2043443

[ 7 ] Bug #2046238 - CVE-2022-0238 phoronix-test-suite: CSRF in the phoromatic component [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2046238

[ 8 ] Bug #2046239 - CVE-2022-0238 phoronix-test-suite: CSRF in the phoromatic component [epel-7]

https://bugzilla.redhat.com/show_bug.cgi?id=2046239

Use su -c 'dnf upgrade --advisory FEDORA-2022-8f968eea82' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at


Severity: important

Product: Fedora 35
Version: 10.8.1
Release: 1.fc35
Summary: An Automated, Open-Source Testing Framework
