Fedora 36: FEDORA-2022-ea8f4e232d Critical: Golang Multiple Threats

Wire is a code generation tool that automates connecting components using

dependency injection. Dependencies between components are represented in Wire as

function parameters, encouraging explicit initialization instead of global

variables. Because Wire operates without runtime state or reflection, code

written to be used with Wire is useful even for hand-written initialization.

Rebuild to mitigate

CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more

information about the specific vulnerabilities.

* Tue Jul 19 2022 Maxwell G - 0.5.0-4

- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in

golang

su -c 'dnf upgrade --advisory FEDORA-2022-ea8f4e232d' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure