Fedora Linux 8813 Published by

A recutils security update has been released for Fedora 36.



SECURITY: Fedora 36 Update: recutils-1.9-1.fc36


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-17787e290f
2022-05-07 04:08:14.317946
--------------------------------------------------------------------------------

Name : recutils
Product : Fedora 36
Version : 1.9
Release : 1.fc36
URL :   https://www.gnu.org/software/recutils/
Summary : A set of tools to access GNU recfile databases
Description :
Recutils is a set of tools and libraries to access human-editable,
text-based databases called recfiles. The data is stored as a sequence
of records, each record containing an arbitrary number of named
fields.

--------------------------------------------------------------------------------
Update Information:

- New upstream release (#2075962, #2047809, #2047807, #2047805, #2046941) - Use
%%gpgverify macro - Remove recutils-shared-lib-calls-exit.patch - Install rec-
mode.el from a separate source
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 25 2022 Daiki Ueno - 1.9-1
- New upstream release (#2075962, #2047809, #2047807, #2047805, #2046941)
- Use %gpgverify macro
- Remove recutils-shared-lib-calls-exit.patch
- Install rec-mode.el from a separate source
* Fri Jan 21 2022 Fedora Release Engineering - 1.8-3
- Rebuilt for   https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2046941 - recutils: FTBFS in Fedora rawhide/f36
  https://bugzilla.redhat.com/show_bug.cgi?id=2046941
[ 2 ] Bug #2047805 - CVE-2021-46021 recutils: use-after-free in rec_record_destroy() at rec-record.c may lead to DoS [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=2047805
[ 3 ] Bug #2047807 - CVE-2021-46022 recutils: use-after-free in rec_mset_elem_destroy() at rec-mset.c may lead to DoS [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=2047807
[ 4 ] Bug #2047809 - CVE-2021-46019 recutils: untrusted pointer dereference in rec_db_destroy() at rec-db.c may lead to DoS [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=2047809
[ 5 ] Bug #2075962 - recutils-1.9 is available
  https://bugzilla.redhat.com/show_bug.cgi?id=2075962
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-17787e290f' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________