Fedora alert FEDORA-2026-6d67b00ef1 (glow)
| From: | updates--- via package-announce <package-announce@lists.fedoraproject.org> | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 43 Update: glow-2.1.2-1.fc43 | |
| Date: | Fri, 01 May 2026 03:06:27 +0000 | |
| Message-ID: | <20260501030627.8BAA264FDB@bastion01.rdu3.fedoraproject.org> | |
| Archive-link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-6d67b00ef1 2026-05-01 03:01:50.286553+00:00 -------------------------------------------------------------------------------- Name : glow Product : Fedora 43 Version : 2.1.2 Release : 1.fc43 URL : https://github.com/charmbracelet/glow Summary : Terminal based markdown reader Description : Glow is a terminal based markdown reader designed from the ground up to bring out the beauty—and power—of the CLI. Use it to discover markdown files, read documentation directly on the command line. Glow will find local markdown files in subdirectories or a local Git repository. -------------------------------------------------------------------------------- Update Information: Update to version 2.1.2. This also updates some of the vendored dependencies to fix CVEs, as well as building with the latest golang to fix even more CVEs. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 22 2026 Carl George <carlwgeorge@fedoraproject.org> - 2.1.2-1 - Update to version 2.1.2 rhbz#2457076 - Update vendored goldmark to 1.7.17 to resolve CVE-2026-5160 * Sun Mar 22 2026 Carl George <carlwgeorge@fedoraproject.org> - 2.1.1-10 - Adopt go-vendor-tools * Mon Feb 2 2026 Maxwell G <maxwell@gtmx.me> - 2.1.1-9 - Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26 * Fri Jan 16 2026 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.1-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Oct 10 2025 Alejandro Sáez <asm@redhat.com> - 2.1.1-7 - rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2408174 - CVE-2025-58189 glow: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408174 [ 2 ] Bug #2409644 - CVE-2025-61723 glow: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2409644 [ 3 ] Bug #2410595 - CVE-2025-58185 glow: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2410595 [ 4 ] Bug #2411493 - CVE-2025-58188 glow: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2411493 [ 5 ] Bug #2457076 - glow-2.1.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2457076 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-6d67b00ef1' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
Attachment: None (type=text/plain)
-- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond... List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann... Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new