Fedora Linux 8810 Published by

The following security updates have been released for Fedora Linux:

Fedora 38 Update: kernel-6.7.5-100.fc38
Fedora 38 Update: rust-shadow-rs-0.8.1-8.fc38
Fedora 38 Update: rust-tokei-12.1.2-8.fc38
Fedora 38 Update: rust-git-absorb-0.6.11-3.fc38
Fedora 38 Update: rust-git-delta-0.16.5-9.fc38
Fedora 38 Update: rust-vergen-5.1.17-8.fc38
Fedora 38 Update: rust-silver-2.0.1-7.fc38
Fedora 38 Update: rust-pretty-git-prompt-0.2.1-20.fc38
Fedora 38 Update: rust-pore-0.1.10-3.fc38
Fedora 38 Update: rust-bat-0.24.0-3.fc38
Fedora 38 Update: rust-lsd-1.0.0-3.fc38
Fedora 38 Update: rust-gitui-0.24.3-4.fc38
Fedora 38 Update: rust-libgit2-sys-0.16.2-1.fc38
Fedora 38 Update: rust-git2-0.18.2-1.fc38
Fedora 38 Update: rust-eza-0.17.3-2.fc38
Fedora 38 Update: rust-cargo-c-0.9.28-4.fc38
Fedora 38 Update: rust-asyncgit-0.24.3-3.fc38
Fedora 39 Update: kernel-6.7.5-200.fc39
Fedora 38 Update: mbedtls-2.28.7-1.fc38



Fedora 38 Update: kernel-6.7.5-100.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-987089eca2
2024-02-22 02:22:22.545949
--------------------------------------------------------------------------------

Name : kernel
Product : Fedora 38
Version : 6.7.5
Release : 100.fc38
URL : https://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel meta package

--------------------------------------------------------------------------------
Update Information:

The 6.7.5 stable kernel update contains a number of important fixes across the
tree.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Feb 17 2024 Justin M. Forbes [jforbes@fedoraproject.org] [6.7.5-0]
- Backported some CVE fixes lets note them in BugsFixed (Justin M. Forbes)
- selftests: openvswitch: Add validation for the recursion test (Aaron Conole)
- net: openvswitch: limit the number of recursions from action sets (Aaron Conole)
- dm: limit the number of targets and parameter size area (Mikulas Patocka)
- Add btrfs bug for 6.7.5 (Justin M. Forbes)
- btrfs: don't refill whole delayed refs block reserve when starting transaction (Filipe Manana)
- Add 6.7.5 fix to BugsFixed (Justin M. Forbes)
- drm/amd: Stop evicting resources on APUs in suspend (Mario Limonciello)
- Revert "drm/amd: flush any delayed gfxoff on suspend entry" (Mario Limonciello)
- smb: client: set correct id, uid and cruid for multiuser automounts (Paulo Alcantara)
- Turn off CONFIG_INTEL_VSC for Fedora (Justin M. Forbes)
- platform/x86: Support for mode FN key (Mark Pearson)
- Linux v6.7.5
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2262241 - CVE-2024-1151 kernel: stack overflow problem in Open vSwitch kernel module leading to DoS
https://bugzilla.redhat.com/show_bug.cgi?id=2262241
[ 2 ] Bug #2263856 - CVE-2023-52429 kernel: missing check for struct in dm-table.c can cause a crash
https://bugzilla.redhat.com/show_bug.cgi?id=2263856
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-987089eca2' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: rust-shadow-rs-0.8.1-8.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-993d3a78dd
2024-02-22 02:22:22.545942
--------------------------------------------------------------------------------

Name : rust-shadow-rs
Product : Fedora 38
Version : 0.8.1
Release : 8.fc38
URL : https://crates.io/crates/shadow-rs
Summary : Build-time information stored in your rust project
Description :
A build-time information stored in your rust project.

--------------------------------------------------------------------------------
Update Information:

Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 0.8.1-8
- Bump git2 dependency from 0.13 to 0.18
* Sat Jan 27 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.8.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jul 21 2023 Fedora Release Engineering [releng@fedoraproject.org] - 0.8.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Fri Jun 23 2023 Fabio Valentini [decathorpe@gmail.com] - 0.8.1-5
- Regenerate with rust2rpm v24
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-993d3a78dd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: rust-tokei-12.1.2-8.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-993d3a78dd
2024-02-22 02:22:22.545942
--------------------------------------------------------------------------------

Name : rust-tokei
Product : Fedora 38
Version : 12.1.2
Release : 8.fc38
URL : https://crates.io/crates/tokei
Summary : Count your code, quickly
Description :
Count your code, quickly.

--------------------------------------------------------------------------------
Update Information:

Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 12.1.2-8
- Bump git2 dev-dependency from 0.13 to 0.18
* Sat Jan 27 2024 Fedora Release Engineering [releng@fedoraproject.org] - 12.1.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue Aug 22 2023 Fabio Valentini [decathorpe@gmail.com] - 12.1.2-6
- Convert license tag for binary subpackage to SPDX
* Sat Jul 22 2023 Fedora Release Engineering [releng@fedoraproject.org] - 12.1.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-993d3a78dd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: rust-git-absorb-0.6.11-3.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-993d3a78dd
2024-02-22 02:22:22.545942
--------------------------------------------------------------------------------

Name : rust-git-absorb
Product : Fedora 38
Version : 0.6.11
Release : 3.fc38
URL : https://crates.io/crates/git-absorb
Summary : Git commit --fixup, but automatic
Description :
Git commit --fixup, but automatic.

--------------------------------------------------------------------------------
Update Information:

Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 0.6.11-3
- Rebuild for CVE-2024-24575 and CVE-2024-24577 in libgit2
* Fri Jan 26 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.6.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-993d3a78dd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: rust-git-delta-0.16.5-9.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-993d3a78dd
2024-02-22 02:22:22.545942
--------------------------------------------------------------------------------

Name : rust-git-delta
Product : Fedora 38
Version : 0.16.5
Release : 9.fc38
URL : https://crates.io/crates/git-delta
Summary : Syntax-highlighting pager for git
Description :
A syntax-highlighting pager for git.

--------------------------------------------------------------------------------
Update Information:

Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 0.16.5-9
- Rebuild for CVE-2024-24575 and CVE-2024-24577 in libgit2
* Fri Jan 26 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.16.5-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-993d3a78dd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: rust-vergen-5.1.17-8.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-993d3a78dd
2024-02-22 02:22:22.545942
--------------------------------------------------------------------------------

Name : rust-vergen
Product : Fedora 38
Version : 5.1.17
Release : 8.fc38
URL : https://crates.io/crates/vergen
Summary : Generate cargo:rustc-env instructions for use with env!
Description :
Generate 'cargo:rustc-env' instructions via 'build.rs' for use in your
code via the env! macro.

--------------------------------------------------------------------------------
Update Information:

Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 5.1.17-8
- Bump git2 dependency to 0.18
* Sat Jan 27 2024 Fedora Release Engineering [releng@fedoraproject.org] - 5.1.17-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jul 22 2023 Fedora Release Engineering [releng@fedoraproject.org] - 5.1.17-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue May 23 2023 Fabio Valentini [decathorpe@gmail.com] - 5.1.17-5
- Regenerate with rust2rpm v24
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-993d3a78dd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: rust-silver-2.0.1-7.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-993d3a78dd
2024-02-22 02:22:22.545942
--------------------------------------------------------------------------------

Name : rust-silver
Product : Fedora 38
Version : 2.0.1
Release : 7.fc38
URL : https://crates.io/crates/silver
Summary : Cross-shell customizable powerline-like prompt with icons
Description :
A cross-shell customizable powerline-like prompt with icons.

--------------------------------------------------------------------------------
Update Information:

Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 2.0.1-7
- Rebuild for CVE-2024-24575 and CVE-2024-24577 in libgit2
* Sat Jan 27 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.0.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jul 21 2023 Fedora Release Engineering [releng@fedoraproject.org] - 2.0.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-993d3a78dd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: rust-pretty-git-prompt-0.2.1-20.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-993d3a78dd
2024-02-22 02:22:22.545942
--------------------------------------------------------------------------------

Name : rust-pretty-git-prompt
Product : Fedora 38
Version : 0.2.1
Release : 20.fc38
URL : https://crates.io/crates/pretty-git-prompt
Summary : Your current git repository information inside a beautiful shell prompt
Description :
Your current git repository information inside a beautiful shell prompt.

--------------------------------------------------------------------------------
Update Information:

Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 0.2.1-20
- Rebuild for CVE-2024-24575 and CVE-2024-24577 in libgit2
* Fri Jan 26 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.2.1-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jul 21 2023 Fedora Release Engineering [releng@fedoraproject.org] - 0.2.1-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-993d3a78dd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: rust-pore-0.1.10-3.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-993d3a78dd
2024-02-22 02:22:22.545942
--------------------------------------------------------------------------------

Name : rust-pore
Product : Fedora 38
Version : 0.1.10
Release : 3.fc38
URL : https://crates.io/crates/pore
Summary : Performance oriented reimplementation of repo
Description :
A performance oriented reimplementation of repo.

--------------------------------------------------------------------------------
Update Information:

Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 0.1.10-3
- Rebuild for CVE-2024-24575 and CVE-2024-24577 in libgit2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-993d3a78dd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: rust-bat-0.24.0-3.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-993d3a78dd
2024-02-22 02:22:22.545942
--------------------------------------------------------------------------------

Name : rust-bat
Product : Fedora 38
Version : 0.24.0
Release : 3.fc38
URL : https://crates.io/crates/bat
Summary : Cat(1) clone with wings
Description :
A cat(1) clone with wings.

--------------------------------------------------------------------------------
Update Information:

Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 0.24.0-3
- Rebuild for CVE-2024-24575 and CVE-2024-24577 in libgit2
* Fri Jan 26 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.24.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-993d3a78dd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: rust-lsd-1.0.0-3.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-993d3a78dd
2024-02-22 02:22:22.545942
--------------------------------------------------------------------------------

Name : rust-lsd
Product : Fedora 38
Version : 1.0.0
Release : 3.fc38
URL : https://crates.io/crates/lsd
Summary : Ls command with a lot of pretty colors and some other stuff
Description :
An ls command with a lot of pretty colors and some other stuff.

--------------------------------------------------------------------------------
Update Information:

Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 1.0.0-3
- Rebuild for CVE-2024-24575 and CVE-2024-24577 in libgit2
* Fri Jan 26 2024 Fedora Release Engineering [releng@fedoraproject.org] - 1.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-993d3a78dd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: rust-gitui-0.24.3-4.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-993d3a78dd
2024-02-22 02:22:22.545942
--------------------------------------------------------------------------------

Name : rust-gitui
Product : Fedora 38
Version : 0.24.3
Release : 4.fc38
URL : https://crates.io/crates/gitui
Summary : Blazing fast terminal-ui for git
Description :
Blazing fast terminal-ui for git.

--------------------------------------------------------------------------------
Update Information:

Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 0.24.3-4
- Attempt to work around OOM problems on i686
* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 0.24.3-3
- Rebuild for CVE-2024-24575 and CVE-2024-24577 in libgit2
* Fri Jan 26 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.24.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-993d3a78dd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: rust-libgit2-sys-0.16.2-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-993d3a78dd
2024-02-22 02:22:22.545942
--------------------------------------------------------------------------------

Name : rust-libgit2-sys
Product : Fedora 38
Version : 0.16.2
Release : 1.fc38
URL : https://crates.io/crates/libgit2-sys
Summary : Native bindings to the libgit2 library
Description :
Native bindings to the libgit2 library.

--------------------------------------------------------------------------------
Update Information:

Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 0.16.2-1
- Update to version 0.16.2+1.7.2; Fixes RHBZ#2263125
* Fri Jan 26 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.16.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-993d3a78dd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: rust-git2-0.18.2-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-993d3a78dd
2024-02-22 02:22:22.545942
--------------------------------------------------------------------------------

Name : rust-git2
Product : Fedora 38
Version : 0.18.2
Release : 1.fc38
URL : https://crates.io/crates/git2
Summary : Bindings to libgit2 for interoperating with git repositories
Description :
Bindings to libgit2 for interoperating with git repositories. This
library is both threadsafe and memory safe and allows both reading and
writing git repositories.

--------------------------------------------------------------------------------
Update Information:

Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 0.18.2-1
- Update to version 0.18.2; Fixes RHBZ#2263124
* Fri Jan 26 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.18.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-993d3a78dd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: rust-eza-0.17.3-2.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-993d3a78dd
2024-02-22 02:22:22.545942
--------------------------------------------------------------------------------

Name : rust-eza
Product : Fedora 38
Version : 0.17.3
Release : 2.fc38
URL : https://crates.io/crates/eza
Summary : Modern replacement for ls
Description :
A modern replacement for ls.

--------------------------------------------------------------------------------
Update Information:

Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 0.17.3-2
- Rebuild for CVE-2024-24575 and CVE-2024-24577 in libgit2
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-993d3a78dd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: rust-cargo-c-0.9.28-4.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-993d3a78dd
2024-02-22 02:22:22.545942
--------------------------------------------------------------------------------

Name : rust-cargo-c
Product : Fedora 38
Version : 0.9.28
Release : 4.fc38
URL : https://crates.io/crates/cargo-c
Summary : Helper program to build and install c-like libraries
Description :
Helper program to build and install c-like libraries.

--------------------------------------------------------------------------------
Update Information:

Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 0.9.28-4
- Attempt to work around OOM problems on i686
* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 0.9.28-3
- Rebuild for CVE-2024-24575 and CVE-2024-24577 in libgit2
* Fri Jan 26 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.9.28-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-993d3a78dd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: rust-asyncgit-0.24.3-3.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-993d3a78dd
2024-02-22 02:22:22.545942
--------------------------------------------------------------------------------

Name : rust-asyncgit
Product : Fedora 38
Version : 0.24.3
Release : 3.fc38
URL : https://crates.io/crates/asyncgit
Summary : Allow using git2 in a asynchronous context
Description :
Allow using git2 in a asynchronous context.

--------------------------------------------------------------------------------
Update Information:

Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.
Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy
of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.
Since the libgit2 bindings cause applications that use them to statically link
libgit2, this update also includes rebuilds of all affected applications.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 13 2024 Fabio Valentini [decathorpe@gmail.com] - 0.24.3-3
- Bump git2 dependency from 0.17 to 0.18
* Fri Jan 26 2024 Fedora Release Engineering [releng@fedoraproject.org] - 0.24.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-993d3a78dd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: kernel-6.7.5-200.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-88847bc77a
2024-02-22 02:17:12.229415
--------------------------------------------------------------------------------

Name : kernel
Product : Fedora 39
Version : 6.7.5
Release : 200.fc39
URL : https://www.kernel.org/
Summary : The Linux kernel
Description :
The kernel meta package

--------------------------------------------------------------------------------
Update Information:

The 6.7.5 stable kernel update contains a number of important fixes across the
tree.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Feb 17 2024 Justin M. Forbes [jforbes@fedoraproject.org] [6.7.5-0]
- Backported some CVE fixes lets note them in BugsFixed (Justin M. Forbes)
- selftests: openvswitch: Add validation for the recursion test (Aaron Conole)
- net: openvswitch: limit the number of recursions from action sets (Aaron Conole)
- dm: limit the number of targets and parameter size area (Mikulas Patocka)
- Add btrfs bug for 6.7.5 (Justin M. Forbes)
- btrfs: don't refill whole delayed refs block reserve when starting transaction (Filipe Manana)
- Add 6.7.5 fix to BugsFixed (Justin M. Forbes)
- drm/amd: Stop evicting resources on APUs in suspend (Mario Limonciello)
- Revert "drm/amd: flush any delayed gfxoff on suspend entry" (Mario Limonciello)
- smb: client: set correct id, uid and cruid for multiuser automounts (Paulo Alcantara)
- Turn off CONFIG_INTEL_VSC for Fedora (Justin M. Forbes)
- platform/x86: Support for mode FN key (Mark Pearson)
- Linux v6.7.5
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2262241 - CVE-2024-1151 kernel: stack overflow problem in Open vSwitch kernel module leading to DoS
https://bugzilla.redhat.com/show_bug.cgi?id=2262241
[ 2 ] Bug #2263856 - CVE-2023-52429 kernel: missing check for struct in dm-table.c can cause a crash
https://bugzilla.redhat.com/show_bug.cgi?id=2263856
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-88847bc77a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: mbedtls-2.28.7-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-c7f1c839ac
2024-02-22 02:22:22.545822
--------------------------------------------------------------------------------

Name : mbedtls
Product : Fedora 38
Version : 2.28.7
Release : 1.fc38
URL : https://www.trustedfirmware.org/projects/mbed-tls
Summary : Light-weight cryptographic and SSL/TLS library
Description :
Mbed TLS is a light-weight open source cryptographic and SSL/TLS
library written in C. Mbed TLS makes it easy for developers to include
cryptographic and SSL/TLS capabilities in their (embedded)
applications with as little hassle as possible.

--------------------------------------------------------------------------------
Update Information:

Update to 2.28.7
Release notes:
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.7
Security Advisories:
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-
advisory-2024-01-1/
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-
advisory-2024-01-2/
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 6 2024 Morten Stevens [mstevens@fedoraproject.org] - 2.28.7-1
- Update to 2.28.7
* Tue Feb 6 2024 Morten Stevens [mstevens@fedoraproject.org] - 2.28.5-4
- Disabled testing due to build issues with GCC 14
* Thu Jan 25 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.28.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering [releng@fedoraproject.org] - 2.28.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2261600 - CVE-2024-23170 CVE-2024-23775 mbedtls: multiple vulnerabilties [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2261600
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-c7f1c839ac' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--