Fedora 39 Update: rust-vergen-5.1.17-8.fc39
Fedora 39 Update: rust-tokei-12.1.2-8.fc39
Fedora 39 Update: rust-silver-2.0.1-7.fc39
Fedora 39 Update: rust-lsd-1.0.0-3.fc39
Fedora 39 Update: rust-gitui-0.24.3-4.fc39
Fedora 39 Update: rust-pretty-git-prompt-0.2.1-20.fc39
Fedora 39 Update: rust-git-delta-0.16.5-9.fc39
Fedora 39 Update: rust-shadow-rs-0.8.1-8.fc39
Fedora 39 Update: rust-bat-0.24.0-3.fc39
Fedora 39 Update: rust-pore-0.1.10-3.fc39
Fedora 39 Update: rust-git-absorb-0.6.11-3.fc39
Fedora 39 Update: rust-eza-0.17.3-2.fc39
Fedora 39 Update: rust-git2-0.18.2-1.fc39
Fedora 39 Update: rust-cargo-c-0.9.28-4.fc39
Fedora 39 Update: rust-asyncgit-0.24.3-3.fc39
Fedora 39 Update: freeglut-3.4.0-7.fc39
Fedora 39 Update: libmodsecurity-3.0.12-1.fc39
Fedora 38 Update: libmodsecurity-3.0.12-1.fc38
Fedora 39 Update: rust-vergen-5.1.17-8.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8ba389815f
2024-02-20 01:38:39.542135
--------------------------------------------------------------------------------
Name : rust-vergen
Product : Fedora 39
Version : 5.1.17
Release : 8.fc39
URL : https://crates.io/crates/vergen
Summary : Generate cargo:rustc-env instructions for use with env!
Description :
Generate 'cargo:rustc-env' instructions via 'build.rs' for use in your
code via the env! macro.
--------------------------------------------------------------------------------
Update Information:
Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 5.1.17-8
- Bump git2 dependency to 0.18
* Sat Jan 27 2024 Fedora Release Engineering [releng@fedoraproject.org] - 5.1.17-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8ba389815f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 39 Update: rust-tokei-12.1.2-8.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8ba389815f
2024-02-20 01:38:39.542135
--------------------------------------------------------------------------------
Name : rust-tokei
Product : Fedora 39
Version : 12.1.2
Release : 8.fc39
URL : https://crates.io/crates/tokei
Summary : Count your code, quickly
Description :
Count your code, quickly.
--------------------------------------------------------------------------------
Update Information:
Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 12.1.2-8
- Bump git2 dev-dependency from 0.13 to 0.18
* Sat Jan 27 2024 Fedora Release Engineering [releng@fedoraproject.org] - 12.1.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue Aug 22 2023 Fabio Valentini [decathorpe@gmail.com] - 12.1.2-6
- Convert license tag for binary subpackage to SPDX
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8ba389815f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 39 Update: rust-silver-2.0.1-7.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8ba389815f
2024-02-20 01:38:39.542135
--------------------------------------------------------------------------------
Name : rust-silver
Product : Fedora 39
Version : 2.0.1
Release : 7.fc39
URL : https://crates.io/crates/silver
Summary : Cross-shell customizable powerline-like prompt with icons
Description :
A cross-shell customizable powerline-like prompt with icons.
--------------------------------------------------------------------------------
Update Information:
Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 2.0.1-7
- Rebuild for CVE-2024-24575 and CVE-2024-24577 in libgit2
* Sat Jan 27 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.0.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8ba389815f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 39 Update: rust-lsd-1.0.0-3.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8ba389815f
2024-02-20 01:38:39.542135
--------------------------------------------------------------------------------
Name : rust-lsd
Product : Fedora 39
Version : 1.0.0
Release : 3.fc39
URL : https://crates.io/crates/lsd
Summary : Ls command with a lot of pretty colors and some other stuff
Description :
An ls command with a lot of pretty colors and some other stuff.
--------------------------------------------------------------------------------
Update Information:
Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 1.0.0-3
- Rebuild for CVE-2024-24575 and CVE-2024-24577 in libgit2
* Fri Jan 26 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8ba389815f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 39 Update: rust-gitui-0.24.3-4.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8ba389815f
2024-02-20 01:38:39.542135
--------------------------------------------------------------------------------
Name : rust-gitui
Product : Fedora 39
Version : 0.24.3
Release : 4.fc39
URL : https://crates.io/crates/gitui
Summary : Blazing fast terminal-ui for git
Description :
Blazing fast terminal-ui for git.
--------------------------------------------------------------------------------
Update Information:
Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 0.24.3-4
- Attempt to work around OOM problems on i686
* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 0.24.3-3
- Rebuild for CVE-2024-24575 and CVE-2024-24577 in libgit2
* Fri Jan 26 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.24.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8ba389815f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 39 Update: rust-pretty-git-prompt-0.2.1-20.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8ba389815f
2024-02-20 01:38:39.542135
--------------------------------------------------------------------------------
Name : rust-pretty-git-prompt
Product : Fedora 39
Version : 0.2.1
Release : 20.fc39
URL : https://crates.io/crates/pretty-git-prompt
Summary : Your current git repository information inside a beautiful shell prompt
Description :
Your current git repository information inside a beautiful shell prompt.
--------------------------------------------------------------------------------
Update Information:
Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 0.2.1-20
- Rebuild for CVE-2024-24575 and CVE-2024-24577 in libgit2
* Fri Jan 26 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.2.1-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8ba389815f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 39 Update: rust-git-delta-0.16.5-9.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8ba389815f
2024-02-20 01:38:39.542135
--------------------------------------------------------------------------------
Name : rust-git-delta
Product : Fedora 39
Version : 0.16.5
Release : 9.fc39
URL : https://crates.io/crates/git-delta
Summary : Syntax-highlighting pager for git
Description :
A syntax-highlighting pager for git.
--------------------------------------------------------------------------------
Update Information:
Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 0.16.5-9
- Rebuild for CVE-2024-24575 and CVE-2024-24577 in libgit2
* Fri Jan 26 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.16.5-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8ba389815f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 39 Update: rust-shadow-rs-0.8.1-8.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8ba389815f
2024-02-20 01:38:39.542135
--------------------------------------------------------------------------------
Name : rust-shadow-rs
Product : Fedora 39
Version : 0.8.1
Release : 8.fc39
URL : https://crates.io/crates/shadow-rs
Summary : Build-time information stored in your rust project
Description :
A build-time information stored in your rust project.
--------------------------------------------------------------------------------
Update Information:
Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 0.8.1-8
- Bump git2 dependency from 0.13 to 0.18
* Sat Jan 27 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.8.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8ba389815f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 39 Update: rust-bat-0.24.0-3.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8ba389815f
2024-02-20 01:38:39.542135
--------------------------------------------------------------------------------
Name : rust-bat
Product : Fedora 39
Version : 0.24.0
Release : 3.fc39
URL : https://crates.io/crates/bat
Summary : Cat(1) clone with wings
Description :
A cat(1) clone with wings.
--------------------------------------------------------------------------------
Update Information:
Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 0.24.0-3
- Rebuild for CVE-2024-24575 and CVE-2024-24577 in libgit2
* Fri Jan 26 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.24.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8ba389815f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 39 Update: rust-pore-0.1.10-3.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8ba389815f
2024-02-20 01:38:39.542135
--------------------------------------------------------------------------------
Name : rust-pore
Product : Fedora 39
Version : 0.1.10
Release : 3.fc39
URL : https://crates.io/crates/pore
Summary : Performance oriented reimplementation of repo
Description :
A performance oriented reimplementation of repo.
--------------------------------------------------------------------------------
Update Information:
Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 0.1.10-3
- Rebuild for CVE-2024-24575 and CVE-2024-24577 in libgit2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8ba389815f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 39 Update: rust-git-absorb-0.6.11-3.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8ba389815f
2024-02-20 01:38:39.542135
--------------------------------------------------------------------------------
Name : rust-git-absorb
Product : Fedora 39
Version : 0.6.11
Release : 3.fc39
URL : https://crates.io/crates/git-absorb
Summary : Git commit --fixup, but automatic
Description :
Git commit --fixup, but automatic.
--------------------------------------------------------------------------------
Update Information:
Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 0.6.11-3
- Rebuild for CVE-2024-24575 and CVE-2024-24577 in libgit2
* Fri Jan 26 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.6.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8ba389815f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 39 Update: rust-eza-0.17.3-2.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8ba389815f
2024-02-20 01:38:39.542135
--------------------------------------------------------------------------------
Name : rust-eza
Product : Fedora 39
Version : 0.17.3
Release : 2.fc39
URL : https://crates.io/crates/eza
Summary : Modern replacement for ls
Description :
A modern replacement for ls.
--------------------------------------------------------------------------------
Update Information:
Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 0.17.3-2
- Rebuild for CVE-2024-24575 and CVE-2024-24577 in libgit2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8ba389815f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 39 Update: rust-git2-0.18.2-1.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8ba389815f
2024-02-20 01:38:39.542135
--------------------------------------------------------------------------------
Name : rust-git2
Product : Fedora 39
Version : 0.18.2
Release : 1.fc39
URL : https://crates.io/crates/git2
Summary : Bindings to libgit2 for interoperating with git repositories
Description :
Bindings to libgit2 for interoperating with git repositories. This
library is both threadsafe and memory safe and allows both reading and
writing git repositories.
--------------------------------------------------------------------------------
Update Information:
Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 0.18.2-1
- Update to version 0.18.2; Fixes RHBZ#2263124
* Fri Jan 26 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.18.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8ba389815f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 39 Update: rust-cargo-c-0.9.28-4.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8ba389815f
2024-02-20 01:38:39.542135
--------------------------------------------------------------------------------
Name : rust-cargo-c
Product : Fedora 39
Version : 0.9.28
Release : 4.fc39
URL : https://crates.io/crates/cargo-c
Summary : Helper program to build and install c-like libraries
Description :
Helper program to build and install c-like libraries.
--------------------------------------------------------------------------------
Update Information:
Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 0.9.28-4
- Attempt to work around OOM problems on i686
* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 0.9.28-3
- Rebuild for CVE-2024-24575 and CVE-2024-24577 in libgit2
* Fri Jan 26 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.9.28-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8ba389815f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 39 Update: rust-asyncgit-0.24.3-3.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-8ba389815f
2024-02-20 01:38:39.542135
--------------------------------------------------------------------------------
Name : rust-asyncgit
Product : Fedora 39
Version : 0.24.3
Release : 3.fc39
URL : https://crates.io/crates/asyncgit
Summary : Allow using git2 in a asynchronous context
Description :
Allow using git2 in a asynchronous context.
--------------------------------------------------------------------------------
Update Information:
Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 0.24.3-3
- Bump git2 dependency from 0.17 to 0.18
* Fri Jan 26 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.24.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8ba389815f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 39 Update: freeglut-3.4.0-7.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-b69a4d75a1
2024-02-20 01:38:39.542129
--------------------------------------------------------------------------------
Name : freeglut
Product : Fedora 39
Version : 3.4.0
Release : 7.fc39
URL : http://freeglut.sourceforge.net
Summary : A freely licensed alternative to the GLUT library
Description :
freeglut is a completely open source alternative to the OpenGL Utility Toolkit
(GLUT) library with an OSI approved free software license. GLUT was originally
written by Mark Kilgard to support the sample programs in the second edition
OpenGL 'RedBook'. Since then, GLUT has been used in a wide variety of practical
applications because it is simple, universally available and highly portable.
freeglut allows the user to create and manage windows containing OpenGL
contexts on a wide range of platforms and also read the mouse, keyboard and
joystick functions.
--------------------------------------------------------------------------------
Update Information:
Patch for CVE-2024-24258 and CVE-2024-24259
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 12 2024 Gwyn Ciesla [gwync@protonmail.com] - 3.4.0-7
- Patch for CVE-2024-24258 and CVE-2024-24259
* Wed Jan 24 2024 Fedora Release Engineering [releng@fedoraproject.org] - 3.4.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering [releng@fedoraproject.org] - 3.4.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2263941 - CVE-2024-24258 freeglut: memory leak via glutAddSubMenu() function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263941
[ 2 ] Bug #2263946 - CVE-2024-24259 freeglut: memory leak via glutAddMenuEntry() function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263946
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-b69a4d75a1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 39 Update: libmodsecurity-3.0.12-1.fc39
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-4645d0fdef
2024-02-20 01:38:39.542070
--------------------------------------------------------------------------------
Name : libmodsecurity
Product : Fedora 39
Version : 3.0.12
Release : 1.fc39
URL : https://github.com/SpiderLabs/ModSecurity
Summary : A library that loads/interprets rules written in the ModSecurity SecRules
Description :
Libmodsecurity is one component of the ModSecurity v3 project.
The library codebase serves as an interface to ModSecurity Connectors
taking in web traffic and applying traditional ModSecurity processing.
In general, it provides the capability to load/interpret rules written
in the ModSecurity SecRules format and apply them to HTTP content provided
by your application via Connectors.
--------------------------------------------------------------------------------
Update Information:
Update to 3.0.12
Security fix for CVE-2024-1019
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 11 2024 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 3.0.12-1
- Update to 3.0.12 rhbz#2253518
- Fix CVE-2024-1019 rhbz#2262017 rhbz#2262018 rhbz#2262019
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 3.0.10-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 3.0.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2262018 - CVE-2024-1019 libmodsecurity: WAF bypass for path-based payloads [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2262018
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-4645d0fdef' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
Fedora 38 Update: libmodsecurity-3.0.12-1.fc38
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-698e541c52
2024-02-20 01:36:45.526505
--------------------------------------------------------------------------------
Name : libmodsecurity
Product : Fedora 38
Version : 3.0.12
Release : 1.fc38
URL : https://github.com/SpiderLabs/ModSecurity
Summary : A library that loads/interprets rules written in the ModSecurity SecRules
Description :
Libmodsecurity is one component of the ModSecurity v3 project.
The library codebase serves as an interface to ModSecurity Connectors
taking in web traffic and applying traditional ModSecurity processing.
In general, it provides the capability to load/interpret rules written
in the ModSecurity SecRules format and apply them to HTTP content provided
by your application via Connectors.
--------------------------------------------------------------------------------
Update Information:
Update to 3.0.12
Security fix for CVE-2024-1019
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 11 2024 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 3.0.12-1
- Update to 3.0.12 rhbz#2253518
- Fix CVE-2024-1019 rhbz#2262017 rhbz#2262018 rhbz#2262019
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 3.0.10-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 3.0.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2262018 - CVE-2024-1019 libmodsecurity: WAF bypass for path-based payloads [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2262018
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-698e541c52' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
