Fedora Linux 8811 Published by

A golang-github-hexdigest-gowrap security update has been released for Fedora 35.



SECURITY: Fedora 35 Update: golang-github-hexdigest-gowrap-1.1.12-4.fc35


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-3969b64d4b
2022-07-17 00:57:11.020145
--------------------------------------------------------------------------------

Name : golang-github-hexdigest-gowrap
Product : Fedora 35
Version : 1.1.12
Release : 4.fc35
URL :   https://github.com/hexdigest/gowrap
Summary : GoWrap is a command line tool for generating decorators for Go interfaces
Description :

GoWrap is a command line tool that generates decorators for Go interface types
using simple templates. With GoWrap you can easily add metrics, tracing,
fallbacks, pools, and many other features into your existing code in a few
seconds.

--------------------------------------------------------------------------------
Update Information:

Rebuild for CVE-2022-{24675,28327,29526} in golang and other go ecosystem CVEs
--- This contains the result from the mass rebuild in F35 for all packages that
require `golang` and provide binaries to mitigate the following CVEs: `golang`
itself: - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode -
CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar -
CVE-2022-29526 golang: syscall: faccessat checks wrong group (There are some Go
CVEs that are a little bit older that will also be mitigated by the rebuild for
packages that haven't been updated recently) CVEs in other golang libraries
that affect a subset of Go packages: - CVE-2022-21698 golang-github-prometheus-
client: prometheus/client_golang: Denial of service using
InstrumentHandlerCounter - CVE-2022-1996 go-restful: Authorization Bypass
Through User-Controlled Key ---- Initial import for golang-github-a8m-envsubst
Resolves: rhbz#2074406 ---- Initial package Resolves: rhbz#2074438 ----
Update to v3.14.0 (close rhbz#2105612) ---- Fix merge ---- Update to 1.22.1
- Close: rhbz#2077577
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 9 2022 Maxwell G - 1.1.12-4
- Rebuild for CVE-2022-{24675,28327,29526 in golang}
* Thu Jan 20 2022 Fedora Release Engineering - 1.1.12-3
- Rebuilt for   https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2074406 - Review Request: golang-github-a8m-envsubst - Environment variables substitution for Go
  https://bugzilla.redhat.com/show_bug.cgi?id=2074406
[ 2 ] Bug #2074438 - Review Request: golang-github-goccy-yaml - YAML support for the Go language
  https://bugzilla.redhat.com/show_bug.cgi?id=2074438
[ 3 ] Bug #2077577 - powerline-go-1.22.1 is available
  https://bugzilla.redhat.com/show_bug.cgi?id=2077577
[ 4 ] Bug #2105612 - golang-github-task-3.14.0 is available
  https://bugzilla.redhat.com/show_bug.cgi?id=2105612
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-3969b64d4b' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________