Fedora 36: FEDORA-2023-739c8d3c87 Moderate: Jython Log4j Issue

The TeX Live software distribution offers a complete TeX system for a

variety of Unix, Macintosh, Windows and other platforms. It

encompasses programs for editing, typesetting, previewing and printing

of TeX documents in many different languages, and a large collection

of TeX macros and font libraries.

The distribution includes extensive general documentation about TeX,

as well as the documentation for the included software packages.

Update to newer version of arara with newer log4j. Severity is low because

exploiting this locally would be challenging.

* Tue Jan 11 2022 Tom Callaway - 9:20210325-44

- update arara to address log4j CVEs

* Wed Dec 15 2021 Tom Callaway - 9:20210325-43

- rework the font map trigger logic

* Mon Aug 16 2021 Stephen Gallagher - 9:20210325-41

- Rebuild for libpoppler soname bump

[ 1 ] Bug #2039492 - arara embeds a vulnerable version of log4j

https://bugzilla.redhat.com/show_bug.cgi?id=2039492

su -c 'dnf upgrade --advisory FEDORA-2022-639b9d2b85' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure