Fedora 35: qpress 2022-0ff8149aad | LinuxSecurity.com
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-0ff8149aad
2022-12-04 01:57:54.087305
--------------------------------------------------------------------------------

Name        : qpress
Product     : Fedora 35
Version     : 20220819
Release     : 1.fc35
URL         : https://www.quicklz.com
Summary     : A portable file archiver using QuickLZ
Description :
qpress is a portable file archiver using QuickLZ and designed to utilize fast
storage systems to their max. It's often faster than file copy because the
destination is smaller than the source.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2022-45866
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 25 2022 Davide Cavalca  20220819-1
- Switch to new upstream and update to 20220819 (Fixes: RHBZ#2147535,
  RHBZ#2147537)
* Fri Jul 22 2022 Fedora Release Engineering  11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2147535 - CVE-2022-45866 qpress: directory traversal via ../ in a .qp file
        https://bugzilla.redhat.com/show_bug.cgi?id=2147535
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-0ff8149aad' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Fedora 35: qpress 2022-0ff8149aad

December 4, 2022
Security fix for CVE-2022-45866

Summary

qpress is a portable file archiver using QuickLZ and designed to utilize fast

storage systems to their max. It's often faster than file copy because the

destination is smaller than the source.

Update Information:

Security fix for CVE-2022-45866

Change Log

* Fri Nov 25 2022 Davide Cavalca 20220819-1 - Switch to new upstream and update to 20220819 (Fixes: RHBZ#2147535, RHBZ#2147537) * Fri Jul 22 2022 Fedora Release Engineering 11-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

References

[ 1 ] Bug #2147535 - CVE-2022-45866 qpress: directory traversal via ../ in a .qp file https://bugzilla.redhat.com/show_bug.cgi?id=2147535

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-0ff8149aad' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : qpress
Product : Fedora 35
Version : 20220819
Release : 1.fc35
URL : https://www.quicklz.com
Summary : A portable file archiver using QuickLZ