Fedora 35: vgrep 2022-3969b64d4b

Advisories

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-3969b64d4b
2022-07-17 00:57:11.020145
--------------------------------------------------------------------------------

Name        : vgrep
Product     : Fedora 35
Version     : 2.5.6
Release     : 2.fc35
URL         : https://github.com/vrothberg/vgrep
Summary     : User-friendly pager for grep
Description :

vgrep is a pager for grep, git-grep, ripgrep and similar grep implementations,
and allows for opening the indexed file locations in a user-specified editor
such as vim or emacs. vgrep is inspired by the ancient cgvg scripts but
extended to perform further operations such as listing statistics of files and
directory trees or showing the context lines before and after the matches.

--------------------------------------------------------------------------------
Update Information:

Rebuild for CVE-2022-{24675,28327,29526} in golang and other go ecosystem CVEs
---  This contains the result from the mass rebuild in F35 for all packages that
require `golang` and provide binaries to mitigate the following CVEs:  `golang`
itself:  -  CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode -
CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar -
CVE-2022-29526 golang: syscall: faccessat checks wrong group (There are some Go
CVEs that are a little bit older that will also be  mitigated by the rebuild for
packages that haven't been updated recently)  CVEs in other golang libraries
that affect a subset of Go packages:  - CVE-2022-21698 golang-github-prometheus-
client: prometheus/client_golang:  Denial of service using
InstrumentHandlerCounter - CVE-2022-1996 go-restful: Authorization Bypass
Through User-Controlled Key  ----  Initial import for golang-github-a8m-envsubst
Resolves: rhbz#2074406  ----  Initial package  Resolves: rhbz#2074438  ----
Update to v3.14.0 (close rhbz#2105612)  ----  Fix merge  ----  Update to 1.22.1
- Close: rhbz#2077577
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul  9 2022 Maxwell G  - 2.5.6-2
- Rebuild for CVE-2022-{24675,28327,29526} in golang
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2074406 - Review Request: golang-github-a8m-envsubst - Environment variables substitution for Go
        https://bugzilla.redhat.com/show_bug.cgi?id=2074406
  [ 2 ] Bug #2074438 - Review Request: golang-github-goccy-yaml - YAML support for the Go language
        https://bugzilla.redhat.com/show_bug.cgi?id=2074438
  [ 3 ] Bug #2077577 - powerline-go-1.22.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2077577
  [ 4 ] Bug #2105612 - golang-github-task-3.14.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2105612
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-3969b64d4b' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Fedora 35: vgrep 2022-3969b64d4b

July 16, 2022

Summary

vgrep is a pager for grep, git-grep, ripgrep and similar grep implementations,

and allows for opening the indexed file locations in a user-specified editor

such as vim or emacs. vgrep is inspired by the ancient cgvg scripts but

extended to perform further operations such as listing statistics of files and

directory trees or showing the context lines before and after the matches.

Update Information:

Rebuild for CVE-2022-{24675,28327,29526} in golang and other go ecosystem CVEs --- This contains the result from the mass rebuild in F35 for all packages that require `golang` and provide binaries to mitigate the following CVEs: `golang` itself: - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar - CVE-2022-29526 golang: syscall: faccessat checks wrong group (There are some Go CVEs that are a little bit older that will also be mitigated by the rebuild for packages that haven't been updated recently) CVEs in other golang libraries that affect a subset of Go packages: - CVE-2022-21698 golang-github-prometheus- client: prometheus/client_golang: Denial of service using InstrumentHandlerCounter - CVE-2022-1996 go-restful: Authorization Bypass Through User-Controlled Key ---- Initial import for golang-github-a8m-envsubst Resolves: rhbz#2074406 ---- Initial package Resolves: rhbz#2074438 ---- Update to v3.14.0 (close rhbz#2105612) ---- Fix merge ---- Update to 1.22.1 - Close: rhbz#2077577

Change Log

* Sat Jul 9 2022 Maxwell G - 2.5.6-2 - Rebuild for CVE-2022-{24675,28327,29526} in golang

References

[ 1 ] Bug #2074406 - Review Request: golang-github-a8m-envsubst - Environment variables substitution for Go https://bugzilla.redhat.com/show_bug.cgi?id=2074406 [ 2 ] Bug #2074438 - Review Request: golang-github-goccy-yaml - YAML support for the Go language https://bugzilla.redhat.com/show_bug.cgi?id=2074438 [ 3 ] Bug #2077577 - powerline-go-1.22.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2077577 [ 4 ] Bug #2105612 - golang-github-task-3.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2105612

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-3969b64d4b' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : vgrep
Product : Fedora 35
Version : 2.5.6
Release : 2.fc35
URL : https://github.com/vrothberg/vgrep
Summary : User-friendly pager for grep

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.