Stay Secure with the Latest Linux Advisories

security advisoryupdateFedora

Fedora 36: 2022-ea8f4e232d Moderate: Mitigating Golang CVEs

Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-ea8f4e232d 2022-07-30 01:52:05.591840 --------------------------------------------------------------------------------Name : golang-github-gorhill-cronexpr Product : Fedora 36 Version : 1.0.0 Release : 5.fc36 URL : https://github.com/gorhill/cronexpr Summary : Cron expression parser in Go language Description : Given a cron expression and a time stamp, you can get the next time stamp which satisfies the cron expression. In another project, I decided to use cron expression syntax to encode scheduling information. Thus this standalone library to parse and apply time stamps to cron expressions. The time-matching algorithm in this implementation is efficient, it avoids as much as possible to guess the next matching time stamp, a common technique seen in a number of implementations out there. --------------------------------------------------------------------------------Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. --------------------------------------------------------------------------------ChangeLog: * Tue Jul 19 2022 Maxwell G - 1.0.0-5 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-ea8f4e232d' at the command line. For more information, refer to the dnf documentation availableat https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . Address various CVEs in golang-github-gorhill-cronexpr through this update notification for Fedora.. Golang Update, CVE Mitigation, Fedora Advisory, Cron Parser Security, Software Patch. . LinuxSecurity.com Team

Jul 29, 2022 Fedora