Fedora Linux 8779 Published by

The following security updates are available for Fedora Linux:

Fedora 40 Update: tpm2-tss-4.1.0-1.fc40
Fedora 40 Update: et-6.2.8-1.fc40
Fedora 40 Update: tpm2-tools-5.7-1.fc40
Fedora 40 Update: python-openapi-core-0.19.1-3.fc40
Fedora 40 Update: python-aiohttp-3.9.5-1.fc40
Fedora 40 Update: php-tcpdf-6.7.5-1.fc40
Fedora 38 Update: et-6.2.8-1.fc38
Fedora 38 Update: thunderbird-115.10.1-4.fc38
Fedora 38 Update: python-aiohttp-3.9.5-1.fc38
Fedora 39 Update: et-6.2.8-1.fc39
Fedora 39 Update: python-aiohttp-3.9.5-1.fc39



Fedora 40 Update: tpm2-tss-4.1.0-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-0c9d3b51d4
2024-05-02 01:55:56.608346
--------------------------------------------------------------------------------

Name : tpm2-tss
Product : Fedora 40
Version : 4.1.0
Release : 1.fc40
URL : https://github.com/tpm2-software/tpm2-tss
Summary : TPM2.0 Software Stack
Description :
tpm2-tss is a software stack supporting Trusted Platform Module(TPM) 2.0 system
APIs. It sits between TPM driver and applications, providing TPM2.0 specified
APIs for applications to access TPM module through kernel TPM drivers.

--------------------------------------------------------------------------------
Update Information:

tpm2-tss:
Fixed CVE-2024-29040
tpm2-tools:
Fixed CVE-2024-29038
Fixed CVE-2024-29039
--------------------------------------------------------------------------------
ChangeLog:

* Sat Apr 27 2024 Peter Robinson [pbrobinson@fedoraproject.org] - 4.1.0-1
- Update to 4.1.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2271763 - tpm2-tss-4.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2271763
[ 2 ] Bug #2277437 - tpm2-tools-5.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2277437
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-0c9d3b51d4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 40 Update: et-6.2.8-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-b745c97f4b
2024-05-02 01:55:56.608353
--------------------------------------------------------------------------------

Name : et
Product : Fedora 40
Version : 6.2.8
Release : 1.fc40
URL : https://mistertea.github.io/EternalTerminal/
Summary : Remote shell that survives IP roaming and disconnect
Description :
Eternal Terminal (ET) is a remote shell that automatically reconnects without
interrupting the session.

--------------------------------------------------------------------------------
Update Information:

Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258
Unbundle cpp-httlib, fixing CVE-2023-26130
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 30 2024 Michel Lind [salimma@fedoraproject.org] - 6.2.8-1
- Update to 6.2.8 (rhbz#2162155)
- Temporarily rebundle catch2; the version in Fedora is too old
* Fri Apr 26 2024 Michel Lind [salimma@fedoraproject.org] - 6.2.1-15
- Disable unwind on s390x
* Fri Apr 26 2024 Michel Lind [salimma@fedoraproject.org] - 6.2.1-14
- Unbundle cpp-httplib (rhbz#2169585)
- Eliminate almost all sed usage
- Use find_package to find cxxopts
- Use pkg_check_modules to find easylogging++
- Enable SELinux support
- Enable unwind support
* Thu Apr 25 2024 Michel Lind [salimma@fedoraproject.org] - 6.2.1-13
- Use SPDX license identifier
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2161247 - CVE-2022-48257 et: EternalTerminal: information exposure [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2161247
[ 2 ] Bug #2161251 - CVE-2022-48258 et: MisterTea/EternalTerminal: information exposure [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2161251
[ 3 ] Bug #2162155 - et-6.2.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2162155
[ 4 ] Bug #2169585 - Please try to use cpp-httplib-devel package
https://bugzilla.redhat.com/show_bug.cgi?id=2169585
[ 5 ] Bug #2211077 - CVE-2023-26130 et: cpp-httplib: CRLF Injection [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2211077
[ 6 ] Bug #2211079 - CVE-2023-26130 et: cpp-httplib: CRLF Injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2211079
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-b745c97f4b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 40 Update: tpm2-tools-5.7-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-0c9d3b51d4
2024-05-02 01:55:56.608346
--------------------------------------------------------------------------------

Name : tpm2-tools
Product : Fedora 40
Version : 5.7
Release : 1.fc40
URL : https://github.com/tpm2-software/tpm2-tools
Summary : A bunch of TPM testing toolS build upon tpm2-tss
Description :
tpm2-tools is a batch of tools for tpm2.0. It is based on tpm2-tss.

--------------------------------------------------------------------------------
Update Information:

tpm2-tss:
Fixed CVE-2024-29040
tpm2-tools:
Fixed CVE-2024-29038
Fixed CVE-2024-29039
--------------------------------------------------------------------------------
ChangeLog:

* Sun Apr 28 2024 Peter Robinson [pbrobinson@fedoraproject.org] - 5.7-1
- Update to 5.7
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2271763 - tpm2-tss-4.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2271763
[ 2 ] Bug #2277437 - tpm2-tools-5.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2277437
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-0c9d3b51d4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 40 Update: python-openapi-core-0.19.1-3.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-000a25f3fc
2024-05-02 01:55:56.608312
--------------------------------------------------------------------------------

Name : python-openapi-core
Product : Fedora 40
Version : 0.19.1
Release : 3.fc40
URL : https://github.com/python-openapi/openapi-core
Summary : OpenAPI client-side and server-side support
Description :
Openapi-core is a Python library that adds client-side and server-side
support for the OpenAPI v3.0 and OpenAPI v3.1 specification.

--------------------------------------------------------------------------------
Update Information:

Security update for CVE-2024-27306
https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5
https://github.com/aio-libs/aiohttp/releases/tag/v3.9.4
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 22 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 0.19.1-3
- Patch for python-aiohttp 3.9.4 and later
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2275989 - CVE-2024-27306 aiohttp: XSS on index pages for static file handling
https://bugzilla.redhat.com/show_bug.cgi?id=2275989
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-000a25f3fc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 40 Update: python-aiohttp-3.9.5-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-000a25f3fc
2024-05-02 01:55:56.608312
--------------------------------------------------------------------------------

Name : python-aiohttp
Product : Fedora 40
Version : 3.9.5
Release : 1.fc40
URL : https://github.com/aio-libs/aiohttp
Summary : Python HTTP client/server for asyncio
Description :
Python HTTP client/server for asyncio which supports both the client and the
server side of the HTTP protocol, client and server websocket, and webservers
with middlewares and pluggable routing.

--------------------------------------------------------------------------------
Update Information:

Security update for CVE-2024-27306
https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5
https://github.com/aio-libs/aiohttp/releases/tag/v3.9.4
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 19 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 3.9.5-1
- Update to 3.9.5 (fix RHBZ#2275991, fix CVE-2024-27306)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2275989 - CVE-2024-27306 aiohttp: XSS on index pages for static file handling
https://bugzilla.redhat.com/show_bug.cgi?id=2275989
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-000a25f3fc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 40 Update: php-tcpdf-6.7.5-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-27eafd0e65
2024-05-02 01:55:56.608159
--------------------------------------------------------------------------------

Name : php-tcpdf
Product : Fedora 40
Version : 6.7.5
Release : 1.fc40
URL : http://www.tcpdf.org
Summary : PHP class for generating PDF documents and barcodes
Description :
PHP class for generating PDF documents.

* no external libraries are required for the basic functions;
* all standard page formats, custom page formats, custom margins and units
of measure;
* UTF-8 Unicode and Right-To-Left languages;
* TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0 fonts;
* font subsetting;
* methods to publish some XHTML + CSS code, Javascript and Forms;
* images, graphic (geometric figures) and transformation methods;
* supports JPEG, PNG and SVG images natively, all images supported by GD
(GD, GD2, GD2PART, GIF, JPEG, PNG, BMP, XBM, XPM) and all images supported
via ImagMagick (http: www.imagemagick.org/www/formats.html)
* 1D and 2D barcodes: CODE 39, ANSI MH10.8M-1983, USD-3, 3 of 9, CODE 93,
USS-93, Standard 2 of 5, Interleaved 2 of 5, CODE 128 A/B/C, 2 and 5 Digits
UPC-Based Extention, EAN 8, EAN 13, UPC-A, UPC-E, MSI, POSTNET, PLANET,
RMS4CC (Royal Mail 4-state Customer Code), CBC (Customer Bar Code),
KIX (Klant index - Customer index), Intelligent Mail Barcode, Onecode,
USPS-B-3200, CODABAR, CODE 11, PHARMACODE, PHARMACODE TWO-TRACKS,
Datamatrix ECC200, QR-Code, PDF417;
* ICC Color Profiles, Grayscale, RGB, CMYK, Spot Colors and Transparencies;
* automatic page header and footer management;
* document encryption up to 256 bit and digital signature certifications;
* transactions to UNDO commands;
* PDF annotations, including links, text and file attachments;
* text rendering modes (fill, stroke and clipping);
* multiple columns mode;
* no-write page regions;
* bookmarks and table of content;
* text hyphenation;
* text stretching and spacing (tracking/kerning);
* automatic page break, line break and text alignments including justification;
* automatic page numbering and page groups;
* move and delete pages;
* page compression (requires php-zlib extension);
* XOBject templates;
* PDF/A-1b (ISO 19005-1:2005) support.

By default, TCPDF uses the GD library which is know as slower than ImageMagick
solution. You can optionally install php-pecl-imagick; TCPDF will use it.

--------------------------------------------------------------------------------
Update Information:

Version 6.7.5 (2024-04-20)
Update GitHub actions
fix: CSV-2024-22640 (#712)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 23 2024 Remi Collet [remi@remirepo.net] - 6.7.5-1
- update to 6.7.5
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2276090 - CVE-2024-22640 tcpdf: ReDos when parsing an untrusted HTML page with a crafted color
https://bugzilla.redhat.com/show_bug.cgi?id=2276090
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-27eafd0e65' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: et-6.2.8-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-bd9e67c117
2024-05-02 01:43:10.602183
--------------------------------------------------------------------------------

Name : et
Product : Fedora 38
Version : 6.2.8
Release : 1.fc38
URL : https://mistertea.github.io/EternalTerminal/
Summary : Remote shell that survives IP roaming and disconnect
Description :
Eternal Terminal (ET) is a remote shell that automatically reconnects without
interrupting the session.

--------------------------------------------------------------------------------
Update Information:

Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258
Unbundle cpp-httlib, fixing CVE-2023-26130
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 30 2024 Michel Lind [salimma@fedoraproject.org] - 6.2.8-1
- Update to 6.2.8 (rhbz#2162155)
- Temporarily rebundle catch2; the version in Fedora is too old
* Fri Apr 26 2024 Michel Lind [salimma@fedoraproject.org] - 6.2.1-15
- Disable unwind on s390x
* Fri Apr 26 2024 Michel Lind [salimma@fedoraproject.org] - 6.2.1-14
- Unbundle cpp-httplib (rhbz#2169585)
- Eliminate almost all sed usage
- Use find_package to find cxxopts
- Use pkg_check_modules to find easylogging++
- Enable SELinux support
- Enable unwind support
* Thu Apr 25 2024 Michel Lind [salimma@fedoraproject.org] - 6.2.1-13
- Use SPDX license identifier
* Wed Jan 24 2024 Fedora Release Engineering [releng@fedoraproject.org] - 6.2.1-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering [releng@fedoraproject.org] - 6.2.1-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2161247 - CVE-2022-48257 et: EternalTerminal: information exposure [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2161247
[ 2 ] Bug #2161251 - CVE-2022-48258 et: MisterTea/EternalTerminal: information exposure [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2161251
[ 3 ] Bug #2162155 - et-6.2.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2162155
[ 4 ] Bug #2169585 - Please try to use cpp-httplib-devel package
https://bugzilla.redhat.com/show_bug.cgi?id=2169585
[ 5 ] Bug #2211077 - CVE-2023-26130 et: cpp-httplib: CRLF Injection [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2211077
[ 6 ] Bug #2211079 - CVE-2023-26130 et: cpp-httplib: CRLF Injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2211079
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-bd9e67c117' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: thunderbird-115.10.1-4.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-15b892ebd3
2024-05-02 01:43:10.602163
--------------------------------------------------------------------------------

Name : thunderbird
Product : Fedora 38
Version : 115.10.1
Release : 4.fc38
URL : http://www.mozilla.org/projects/thunderbird/
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

--------------------------------------------------------------------------------
Update Information:

Update to 115.10.1
https://www.thunderbird.net/en-US/thunderbird/115.10.1/releasenotes/
Fix https://bugzilla.redhat.com/show_bug.cgi?id=2276078
Including security update to 115.10.0
https://www.mozilla.org/en-US/security/advisories/mfsa2024-20/
https://www.thunderbird.net/en-US/thunderbird/115.10.0/releasenotes/
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 23 2024 Jan Horak [jhorak@redhat.com] - 115.10.1-4
- Move the MOZ_APP_REMOTINGNAME from the startup script to the build options.
* Tue Apr 23 2024 Jan Horak [jhorak@redhat.com] - 115.10.1-3
- Fixed startup script
* Mon Apr 22 2024 Eike Rathke [erack@redhat.com] - 115.10.1-2
- Resolves: rhbz#2276078 Set MOZ_APP_REMOTINGNAME to firefox
* Mon Apr 22 2024 Eike Rathke [erack@redhat.com] - 115.10.1-1
- Update to 115.10.1
* Tue Apr 16 2024 Eike Rathke [erack@redhat.com] - 115.10.0-1
- Update to 115.10.0
- Revert expat CVE-2023-52425 fix
* Fri Mar 22 2024 Jan Horak [jhorak@redhat.com] - 115.9.0-2
- Use wayland backend on Fedora 40+
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2276078 - Opening links in emails with Firefox fails if FF is already running
https://bugzilla.redhat.com/show_bug.cgi?id=2276078
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-15b892ebd3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 38 Update: python-aiohttp-3.9.5-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-f34786d26f
2024-05-02 01:43:10.602156
--------------------------------------------------------------------------------

Name : python-aiohttp
Product : Fedora 38
Version : 3.9.5
Release : 1.fc38
URL : https://github.com/aio-libs/aiohttp
Summary : Python HTTP client/server for asyncio
Description :
Python HTTP client/server for asyncio which supports both the client and the
server side of the HTTP protocol, client and server websocket, and webservers
with middlewares and pluggable routing.

--------------------------------------------------------------------------------
Update Information:

Security update for CVE-2024-27306
https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5
https://github.com/aio-libs/aiohttp/releases/tag/v3.9.4
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 19 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 3.9.5-1
- Update to 3.9.5 (fix RHBZ#2275991, fix CVE-2024-27306)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2275989 - CVE-2024-27306 aiohttp: XSS on index pages for static file handling
https://bugzilla.redhat.com/show_bug.cgi?id=2275989
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-f34786d26f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: et-6.2.8-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-94a155818c
2024-05-02 01:36:55.268644
--------------------------------------------------------------------------------

Name : et
Product : Fedora 39
Version : 6.2.8
Release : 1.fc39
URL : https://mistertea.github.io/EternalTerminal/
Summary : Remote shell that survives IP roaming and disconnect
Description :
Eternal Terminal (ET) is a remote shell that automatically reconnects without
interrupting the session.

--------------------------------------------------------------------------------
Update Information:

Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258
Unbundle cpp-httlib, fixing CVE-2023-26130
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 30 2024 Michel Lind [salimma@fedoraproject.org] - 6.2.8-1
- Update to 6.2.8 (rhbz#2162155)
- Temporarily rebundle catch2; the version in Fedora is too old
* Fri Apr 26 2024 Michel Lind [salimma@fedoraproject.org] - 6.2.1-15
- Disable unwind on s390x
* Fri Apr 26 2024 Michel Lind [salimma@fedoraproject.org] - 6.2.1-14
- Unbundle cpp-httplib (rhbz#2169585)
- Eliminate almost all sed usage
- Use find_package to find cxxopts
- Use pkg_check_modules to find easylogging++
- Enable SELinux support
- Enable unwind support
* Thu Apr 25 2024 Michel Lind [salimma@fedoraproject.org] - 6.2.1-13
- Use SPDX license identifier
* Wed Jan 24 2024 Fedora Release Engineering [releng@fedoraproject.org] - 6.2.1-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering [releng@fedoraproject.org] - 6.2.1-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2161247 - CVE-2022-48257 et: EternalTerminal: information exposure [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2161247
[ 2 ] Bug #2161251 - CVE-2022-48258 et: MisterTea/EternalTerminal: information exposure [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2161251
[ 3 ] Bug #2162155 - et-6.2.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2162155
[ 4 ] Bug #2169585 - Please try to use cpp-httplib-devel package
https://bugzilla.redhat.com/show_bug.cgi?id=2169585
[ 5 ] Bug #2211077 - CVE-2023-26130 et: cpp-httplib: CRLF Injection [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2211077
[ 6 ] Bug #2211079 - CVE-2023-26130 et: cpp-httplib: CRLF Injection [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2211079
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-94a155818c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: python-aiohttp-3.9.5-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-e0057e6044
2024-05-02 01:36:55.268591
--------------------------------------------------------------------------------

Name : python-aiohttp
Product : Fedora 39
Version : 3.9.5
Release : 1.fc39
URL : https://github.com/aio-libs/aiohttp
Summary : Python HTTP client/server for asyncio
Description :
Python HTTP client/server for asyncio which supports both the client and the
server side of the HTTP protocol, client and server websocket, and webservers
with middlewares and pluggable routing.

--------------------------------------------------------------------------------
Update Information:

Security update for CVE-2024-27306
https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5
https://github.com/aio-libs/aiohttp/releases/tag/v3.9.4
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 19 2024 Benjamin A. Beasley [code@musicinmybrain.net] - 3.9.5-1
- Update to 3.9.5 (fix RHBZ#2275991, fix CVE-2024-27306)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2275989 - CVE-2024-27306 aiohttp: XSS on index pages for static file handling
https://bugzilla.redhat.com/show_bug.cgi?id=2275989
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-e0057e6044' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--