January 2025 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1235210] New: VUL-0: CVE-2024-28180: influxdb2: gopkg.in/square/go-jose.v2: improper handling of highly compressed data
by bugzilla_noreply＠suse.com 07 Jan '25

07 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235210 Bug ID: 1235210 Summary: VUL-0: CVE-2024-28180: influxdb2: gopkg.in/square/go-jose.v2: improper handling of highly compressed data Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.5 Hardware: Other URL: https://smash.suse.de/issue/396762/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: matwey.kornilov(a)gmail.com Reporter: andrea.mattiazzo(a)suse.com QA Contact: security-team(a)suse.de Blocks: 1234984 Target Milestone: --- Found By: --- Blocker: --- Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-28180 https://www.cve.org/CVERecord?id=CVE-2024-28180 https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694… https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451… https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf9… https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g https://bugzilla.redhat.com/show_bug.cgi?id=2268854 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://github.com/CVEProject/cvelistV5/blob/main//cves/2024/28xxx/CVE-2024… -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1235203] New: VUL-0: CVE-2024-28180: arlon-cli: gopkg.in/square/go-jose.v2: improper handling of highly compressed data
by bugzilla_noreply＠suse.com 07 Jan '25

07 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235203 Bug ID: 1235203 Summary: VUL-0: CVE-2024-28180: arlon-cli: gopkg.in/square/go-jose.v2: improper handling of highly compressed data Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.5 Hardware: Other URL: https://smash.suse.de/issue/396762/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: opensuse_buildservice(a)ojkastl.de Reporter: andrea.mattiazzo(a)suse.com QA Contact: security-team(a)suse.de Blocks: 1234984 Target Milestone: --- Found By: --- Blocker: --- Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-28180 https://www.cve.org/CVERecord?id=CVE-2024-28180 https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694… https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451… https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf9… https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g https://bugzilla.redhat.com/show_bug.cgi?id=2268854 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://github.com/CVEProject/cvelistV5/blob/main//cves/2024/28xxx/CVE-2024… -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1235205] New: VUL-0: CVE-2024-28180: ceph-csi: gopkg.in/square/go-jose.v2: improper handling of highly compressed data
by bugzilla_noreply＠suse.com 07 Jan '25

07 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235205 Bug ID: 1235205 Summary: VUL-0: CVE-2024-28180: ceph-csi: gopkg.in/square/go-jose.v2: improper handling of highly compressed data Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.5 Hardware: Other URL: https://smash.suse.de/issue/396762/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: stefan.haas(a)suse.com Reporter: andrea.mattiazzo(a)suse.com QA Contact: security-team(a)suse.de Blocks: 1234984 Target Milestone: --- Found By: --- Blocker: --- Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-28180 https://www.cve.org/CVERecord?id=CVE-2024-28180 https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694… https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451… https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf9… https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g https://bugzilla.redhat.com/show_bug.cgi?id=2268854 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://github.com/CVEProject/cvelistV5/blob/main//cves/2024/28xxx/CVE-2024… -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1235202] New: VUL-0: CVE-2024-28180: dex-oidc: gopkg.in/square/go-jose.v2: improper handling of highly compressed data
by bugzilla_noreply＠suse.com 07 Jan '25

07 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235202 Bug ID: 1235202 Summary: VUL-0: CVE-2024-28180: dex-oidc: gopkg.in/square/go-jose.v2: improper handling of highly compressed data Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.5 Hardware: Other URL: https://smash.suse.de/issue/396762/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: fcastelli(a)suse.com Reporter: andrea.mattiazzo(a)suse.com QA Contact: security-team(a)suse.de Blocks: 1234984 Target Milestone: --- Found By: --- Blocker: --- Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-28180 https://www.cve.org/CVERecord?id=CVE-2024-28180 https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694… https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451… https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf9… https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g https://bugzilla.redhat.com/show_bug.cgi?id=2268854 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://github.com/CVEProject/cvelistV5/blob/main//cves/2024/28xxx/CVE-2024… -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1235208] New: VUL-0: CVE-2024-28180: cri-o: gopkg.in/square/go-jose.v2: improper handling of highly compressed data
by bugzilla_noreply＠suse.com 07 Jan '25

07 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235208 Bug ID: 1235208 Summary: VUL-0: CVE-2024-28180: cri-o: gopkg.in/square/go-jose.v2: improper handling of highly compressed data Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.5 Hardware: Other URL: https://smash.suse.de/issue/396762/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: jkowalczyk(a)suse.com Reporter: andrea.mattiazzo(a)suse.com QA Contact: security-team(a)suse.de Blocks: 1234984 Target Milestone: --- Found By: --- Blocker: --- Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-28180 https://www.cve.org/CVERecord?id=CVE-2024-28180 https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694… https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451… https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf9… https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g https://bugzilla.redhat.com/show_bug.cgi?id=2268854 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://github.com/CVEProject/cvelistV5/blob/main//cves/2024/28xxx/CVE-2024… -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1235207] New: VUL-0: CVE-2024-28180: digger-cli: gopkg.in/square/go-jose.v2: improper handling of highly compressed data
by bugzilla_noreply＠suse.com 07 Jan '25

07 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235207 Bug ID: 1235207 Summary: VUL-0: CVE-2024-28180: digger-cli: gopkg.in/square/go-jose.v2: improper handling of highly compressed data Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.5 Hardware: Other URL: https://smash.suse.de/issue/396762/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: opensuse_buildservice(a)ojkastl.de Reporter: andrea.mattiazzo(a)suse.com QA Contact: security-team(a)suse.de Blocks: 1234984 Target Milestone: --- Found By: --- Blocker: --- Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-28180 https://www.cve.org/CVERecord?id=CVE-2024-28180 https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694… https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451… https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf9… https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g https://bugzilla.redhat.com/show_bug.cgi?id=2268854 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://github.com/CVEProject/cvelistV5/blob/main//cves/2024/28xxx/CVE-2024… -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1235097] New: zypper output cluttered by failed assertions
by bugzilla_noreply＠suse.com 07 Jan '25

07 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235097 Bug ID: 1235097 Summary: zypper output cluttered by failed assertions Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: x86-64 OS: SUSE Other Status: NEW Severity: Minor Priority: P5 - None Component: Basesystem Assignee: screening-team-bugs(a)suse.de Reporter: jdelvare(a)suse.com QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- I installed a fresh Leap 15.6 on bare metal last week, and I'm getting loads of failed assertions on most zypper commands: (process:6854): GLib-CRITICAL **: 10:48:10.576: g_uri_get_scheme: assertion 'uri != NULL' failed (process:6854): GLib-CRITICAL **: 10:48:10.576: g_str_has_prefix: assertion 'str != NULL' failed I've read bug #1228999 and bug #1220128 which seem related, however the first bug is supposedly fixed by a libproxy update (0.5.3-150600.4.3.2) which I have already installed, and the second bug was closed without details, being supposedly already fixed but on a different product (Tumbleweed). For the record, I am not using any proxy. This is a pretty basic install with default repositories, except for Packman and Libdvdcss repositories being added, and a static IPv4 address, DNS server and route instead of the default DHCP config. While I did not observe any functional issue due to these errors, it makes zypper unpleasant to use, as this could hide more useful messages, and fills out the shell windows' log, making it harder to scroll back when needed. So I would appreciate if this can be fixed. -- You are receiving this mail because: You are on the CC list for the bug.

1 8

[Bug 1234939] DHCPd startup does not wait for device ready
by bugzilla_noreply＠suse.com 07 Jan '25

07 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1234939 Reinhard Max <max(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|max(a)suse.com |jorik.cronenberg(a)suse.com -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1235156] New: VUL-0: CVE-2023-49295: dnscrypt-proxy: github.com/quic-go/quic-go: memory exhaustion attack against QUIC's path validation mechanism
by bugzilla_noreply＠suse.com 07 Jan '25

07 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235156 Bug ID: 1235156 Summary: VUL-0: CVE-2023-49295: dnscrypt-proxy: github.com/quic-go/quic-go: memory exhaustion attack against QUIC's path validation mechanism Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.5 Hardware: Other URL: https://smash.suse.de/issue/390776/ OS: Other Status: NEW Whiteboard: CVSSv3.1:SUSE:CVE-2023-49295:6.5:(AV:N/AC:L/PR:L/UI:N/ S:U/C:N/I:N/A:H) CVSSv4:SUSE:CVE-2023-49295:6.0:(AV:N/AC:L/AT:P/PR:L/UI :N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N) Severity: Normal Priority: P5 - None Component: Security Assignee: cunix(a)mail.de Reporter: andrea.mattiazzo(a)suse.com QA Contact: security-team(a)suse.de Blocks: 1234982 Target Milestone: --- Found By: --- Blocker: --- quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause its peer to run out of memory sending a large number of PATH_CHALLENGE frames. The receiver is supposed to respond to each PATH_CHALLENGE frame with a PATH_RESPONSE frame. The attacker can prevent the receiver from sending out (the vast majority of) these PATH_RESPONSE frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate. This vulnerability has been patched in versions 0.37.7, 0.38.2 and 0.39.4. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-49295 https://www.cve.org/CVERecord?id=CVE-2023-49295 https://github.com/quic-go/quic-go/commit/17fc98c2d81dbe685c19702dc694a9d60… https://github.com/quic-go/quic-go/commit/21609ddfeff93668c7625a85eb09f1541… https://github.com/quic-go/quic-go/commit/3a9c18bcd27a01c551ac9bf8bd2b4bded… https://github.com/quic-go/quic-go/commit/554d543b50b917369fb1394cc5396d928… https://github.com/quic-go/quic-go/commit/6cc3d58935426191296171a6c0d1ee965… https://github.com/quic-go/quic-go/commit/9aaefe19fc3dc8c8917cc87e6128bb56d… https://github.com/quic-go/quic-go/commit/a0ffa757499913f7be69aa78f573a6aee… https://github.com/quic-go/quic-go/commit/d7aa627ebde91cf799ada2a07443faa9b… https://github.com/quic-go/quic-go/security/advisories/GHSA-ppxx-5m9h-6vxf https://bugzilla.redhat.com/show_bug.cgi?id=2257815 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1235158] New: VUL-0: CVE-2023-49295: caddy: github.com/quic-go/quic-go: memory exhaustion attack against QUIC's path validation mechanism
by bugzilla_noreply＠suse.com 07 Jan '25

07 Jan '25

https://bugzilla.suse.com/show_bug.cgi?id=1235158 Bug ID: 1235158 Summary: VUL-0: CVE-2023-49295: caddy: github.com/quic-go/quic-go: memory exhaustion attack against QUIC's path validation mechanism Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.5 Hardware: Other URL: https://smash.suse.de/issue/390776/ OS: Other Status: NEW Whiteboard: CVSSv3.1:SUSE:CVE-2023-49295:6.5:(AV:N/AC:L/PR:L/UI:N/ S:U/C:N/I:N/A:H) CVSSv4:SUSE:CVE-2023-49295:6.0:(AV:N/AC:L/AT:P/PR:L/UI :N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N) Severity: Normal Priority: P5 - None Component: Security Assignee: jkowalczyk(a)suse.com Reporter: andrea.mattiazzo(a)suse.com QA Contact: security-team(a)suse.de Blocks: 1234982 Target Milestone: --- Found By: --- Blocker: --- quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause its peer to run out of memory sending a large number of PATH_CHALLENGE frames. The receiver is supposed to respond to each PATH_CHALLENGE frame with a PATH_RESPONSE frame. The attacker can prevent the receiver from sending out (the vast majority of) these PATH_RESPONSE frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate. This vulnerability has been patched in versions 0.37.7, 0.38.2 and 0.39.4. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-49295 https://www.cve.org/CVERecord?id=CVE-2023-49295 https://github.com/quic-go/quic-go/commit/17fc98c2d81dbe685c19702dc694a9d60… https://github.com/quic-go/quic-go/commit/21609ddfeff93668c7625a85eb09f1541… https://github.com/quic-go/quic-go/commit/3a9c18bcd27a01c551ac9bf8bd2b4bded… https://github.com/quic-go/quic-go/commit/554d543b50b917369fb1394cc5396d928… https://github.com/quic-go/quic-go/commit/6cc3d58935426191296171a6c0d1ee965… https://github.com/quic-go/quic-go/commit/9aaefe19fc3dc8c8917cc87e6128bb56d… https://github.com/quic-go/quic-go/commit/a0ffa757499913f7be69aa78f573a6aee… https://github.com/quic-go/quic-go/commit/d7aa627ebde91cf799ada2a07443faa9b… https://github.com/quic-go/quic-go/security/advisories/GHSA-ppxx-5m9h-6vxf https://bugzilla.redhat.com/show_bug.cgi?id=2257815 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… https://lists.fedoraproject.org/archives/list/package-announce@lists.fedora… -- You are receiving this mail because: You are on the CC list for the bug.

1 2