Fedora 38: FEDORA-2023-ab291ca614 Critical: Wabt Software Update

WABT (we pronounce it "wabbit") is a suite of tools for WebAssembly. These tools

are intended for use in (or for development of) toolchains or other systems that

want to manipulate WebAssembly files. Unlike the WebAssembly spec interpreter

(which is written to be as simple, declarative and "speccy" as possible), they

are written in C/C++ and designed for easier integration into other systems.

Unlike Binaryen these tools do not aim to provide an optimization platform or a

higher-level compiler target; instead they aim for full fidelity and compliance

with the spec (e.g. 1:1 round-trips with no changes to instructions).

Latest stable release. Full upstream changelog:

https://github.com/WebAssembly/wabt/compare/1.0.32...1.0.33 . Fixes

CVE-2023-27116, CVE-2023-30300 and CVE-2023-31669.

* Thu May 25 2023 Dominik Mierzejewski 1.0.33-1

- update to 1.0.33 (#2203483)

- drop obsolete patch

- disable failing tests on aarch64 and ppc64le (reported upstream)

- fix running tests on i686

- disable failing wasm2c tests on s390x (big endian not supported upstream)

- fix deprecated patchN macro usage

* Sat Jan 21 2023 Fedora Release Engineering - 1.0.32-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

[ 1 ] Bug #2171755 - wabt: FTBFS in Fedora rawhide/f38

https://bugzilla.redhat.com/show_bug.cgi?id=2171755

[ 2 ] Bug #2179300 - CVE-2023-27116 wabt: webassembly: an abort in CWriter::MangleType. [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2179300

[ 3 ] Bug #2193028 - CVE-2023-30300 wabt: wasm2c hangs on certain inputs and cannot finish execution for a while [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2193028

[ 4 ] Bug #2203483 - wabt-1.0.33 is available

https://bugzilla.redhat.com/show_bug.cgi?id=2203483

[ 5 ] Bug #2209423 - CVE-2023-31669 wabt: Crash in libc++abi.dylib [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2209423

su -c 'dnf upgrade --advisory FEDORA-2023-ab291ca614' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it: