--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-0c9aaeb447
2024-04-17 02:11:07.454502
--------------------------------------------------------------------------------

Name        : python-cbor2
Product     : Fedora 38
Version     : 5.6.2
Release     : 1.fc38
URL         : https://github.com/agronholm/cbor2
Summary     : Python CBOR (de)serializer with extensive tag support
Description :
This library provides encoding and decoding for the Concise Binary Object
Representation (CBOR) (RFC 7049) serialization format.

--------------------------------------------------------------------------------
Update Information:

Update to latest upstream release (closes rhbz#2261550, closes rhbz#2245361)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr  8 2024 Fabian Affolter  - 5.6.2-1
- Update to latest upstream release (closes rhbz#2261550, closes rhbz#2245361)
- Fixes CVE-2024-26134 (closes rhbz#2265036, closes rhbz#bug 2265035)
* Sat Feb  3 2024 Fabian Affolter  - 5.6.1-1
- Update to latest upstream release 5.6.1 (closes rhbz#2245361)
* Fri Jan 26 2024 Fedora Release Engineering  - 5.1.2-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 22 2024 Fedora Release Engineering  - 5.1.2-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Aug 30 2023 Carl George  - 5.1.2-12
- Convert to pyproject macros
- Validated license as SPDX identifier
* Fri Jul 21 2023 Fedora Release Engineering  - 5.1.2-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jun 15 2023 Python Maint  - 5.1.2-10
- Rebuilt for Python 3.12
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2245361 - python-cbor2-5.6.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2245361
  [ 2 ] Bug #2261550 - python-cbor2: FTBFS in Fedora rawhide/f40
        https://bugzilla.redhat.com/show_bug.cgi?id=2261550
  [ 3 ] Bug #2265036 - CVE-2024-26134 python-cbor2: cbor2: Potential buffer overflow in CBOR2 decoder [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2265036
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-0c9aaeb447' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Do not reply to spam, report it: https://pagure.io/login/

Fedora 38: python-cbor2 2024-0c9aaeb447 Security Advisory Updates

April 17, 2024
Update to latest upstream release (closes rhbz#2261550, closes rhbz#2245361)

Summary

This library provides encoding and decoding for the Concise Binary Object

Representation (CBOR) (RFC 7049) serialization format.

Update Information:

Update to latest upstream release (closes rhbz#2261550, closes rhbz#2245361)

Change Log

* Mon Apr 8 2024 Fabian Affolter - 5.6.2-1 - Update to latest upstream release (closes rhbz#2261550, closes rhbz#2245361) - Fixes CVE-2024-26134 (closes rhbz#2265036, closes rhbz#bug 2265035) * Sat Feb 3 2024 Fabian Affolter - 5.6.1-1 - Update to latest upstream release 5.6.1 (closes rhbz#2245361) * Fri Jan 26 2024 Fedora Release Engineering - 5.1.2-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Mon Jan 22 2024 Fedora Release Engineering - 5.1.2-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Wed Aug 30 2023 Carl George - 5.1.2-12 - Convert to pyproject macros - Validated license as SPDX identifier * Fri Jul 21 2023 Fedora Release Engineering - 5.1.2-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Thu Jun 15 2023 Python Maint - 5.1.2-10 - Rebuilt for Python 3.12

References

[ 1 ] Bug #2245361 - python-cbor2-5.6.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2245361 [ 2 ] Bug #2261550 - python-cbor2: FTBFS in Fedora rawhide/f40 https://bugzilla.redhat.com/show_bug.cgi?id=2261550 [ 3 ] Bug #2265036 - CVE-2024-26134 python-cbor2: cbor2: Potential buffer overflow in CBOR2 decoder [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2265036

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-0c9aaeb447' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
Name : python-cbor2
Product : Fedora 38
Version : 5.6.2
Release : 1.fc38
URL : https://github.com/agronholm/cbor2
Summary : Python CBOR (de)serializer with extensive tag support

Related News

1.Penguin Landscape Esm H320
1 - 2 min read
A critical vulnerability was discovered in the Linux kernel's netfilter subsystem, specifically within the nf_tables component, posing potential
19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved