——————————————————————————–
Fedora Update Notification
FEDORA-2020-d53469eceb
2020-10-09 16:27:42.087258
——————————————————————————–
Name : oniguruma
Product : Fedora 31
Version : 6.9.4
Release : 2.fc31
URL : https://protect2.fireeye.com/v1/url?k=cd3efecf-912c4acb-cd396303-000babd90757-7b679a7ed0680589&q=1&e=e01f6a01-5490-4d2f-98c4-52b496112c53&u=https%3A%2F%2Fgithub.com%2Fkkos%2Foniguruma%2F
Summary : Regular expressions library
Description :
Oniguruma is a regular expressions library.
The characteristics of this library is that different character encoding
for every regular expression object can be specified.
(supported APIs: GNU regex, POSIX and Oniguruma native)
——————————————————————————–
Update Information:
Backport fix for CVE-2020-26159
——————————————————————————–
ChangeLog:
* Thu Oct 1 2020 Mamoru TASAKA <mtasaka@fedoraproject.org> – 6.9.4-2
– Apply upstream fix for CVE-2020-26159
——————————————————————————–
References:
[ 1 ] Bug #1884112 – CVE-2020-26159 oniguruma: Buffer overflow in concat_opt_exact_str could result in DoS [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1884112
——————————————————————————–
This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2020-d53469eceb’ at the command
line. For more information, refer to the dnf documentation available at
https://protect2.fireeye.com/v1/url?k=1f0ded08-431f590c-1f0a70c4-000babd90757-c8ccb7b2518fff76&q=1&e=e01f6a01-5490-4d2f-98c4-52b496112c53&u=http%3A%2F%2Fdnf.readthedocs.io%2Fen%2Flatest%2Fcommand_ref.html%23upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
——————————————————————————–
Fedora Update Notification
FEDORA-2020-952c499e9d
2020-10-09 16:13:29.640049
——————————————————————————–
Name : oniguruma
Product : Fedora 32
Version : 6.9.5
Release : 3.rev1.fc32
URL : https://protect2.fireeye.com/v1/url?k=65f27e06-39e0ca02-65f5e3ca-000babd90757-9b7bf45b3275c161&q=1&e=3d053596-7bcd-45fb-bd02-d66d6710d903&u=https%3A%2F%2Fgithub.com%2Fkkos%2Foniguruma%2F
Summary : Regular expressions library
Description :
Oniguruma is a regular expressions library.
The characteristics of this library is that different character encoding
for every regular expression object can be specified.
(supported APIs: GNU regex, POSIX and Oniguruma native)
——————————————————————————–
Update Information:
Backport fix for CVE-2020-26159
——————————————————————————–
ChangeLog:
* Thu Oct 1 2020 Mamoru TASAKA <mtasaka@fedoraproject.org> – 6.9.5-3.rev1
– Apply upstream fix for CVE-2020-26159
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> – 6.9.5-2.rev1.1
– Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 1 2020 Jeff Law <law@redhat.com> – 6.9.5-2.rev1
– Disable LTO
——————————————————————————–
References:
[ 1 ] Bug #1884112 – CVE-2020-26159 oniguruma: Buffer overflow in concat_opt_exact_str could result in DoS [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1884112
——————————————————————————–
This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2020-952c499e9d’ at the command
line. For more information, refer to the dnf documentation available at
https://protect2.fireeye.com/v1/url?k=c9700439-9562b03d-c97799f5-000babd90757-61385142cdc20d82&q=1&e=3d053596-7bcd-45fb-bd02-d66d6710d903&u=http%3A%2F%2Fdnf.readthedocs.io%2Fen%2Flatest%2Fcommand_ref.html%23upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org