The following Fedora EPEL 8 Security updates need testing:
Age URL
10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-0214580ca4
mbedtls-2.16.8-1.el8
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-c5ced83bcc
seamonkey-2.53.4-1.el8
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-11f765300e
singularity-3.6.3-1.el8
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-17fdec3133
zeromq-4.3.3-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
fuzza-0.6.0-3.el8
matio-1.5.18-1.el8
nordugrid-arc-6.7.0-4.el8
proxytunnel-1.10.20200907-1.el8
python-afsapi-0.0.4-1.el8
python-spnego-0.1.1-2.el8
root-6.22.02-2.el8
xrdcl-http-5.0.2-1.el8
xrootd-5.0.2-1.el8
yadifa-2.3.10-1.el8
Details about builds:
================================================================================
fuzza-0.6.0-3.el8 (FEDORA-EPEL-2020-e7c02a4c08)
TCP fuzzing tool to test for remote buffer overflows
--------------------------------------------------------------------------------
Update Information:
Disable dependency generator
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
matio-1.5.18-1.el8 (FEDORA-EPEL-2020-9720b9f379)
Library for reading/writing Matlab MAT files
--------------------------------------------------------------------------------
Update Information:
1.5.18 https://github.com/tbeu/matio/releases/tag/v1.5.18
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 17 2020 Gwyn Ciesla <[email protected]> - 1.5.18-1
- 1.5.18
* Tue Jul 28 2020 Fedora Release Engineering <[email protected]> -
1.5.17-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1769546 - CVE-2019-17533 matio: improper null termination in
Mat_VarReadNextInfo4 in mat4.c leads to heap-based overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1769546
[ 2 ] Bug #1769548 - CVE-2019-17533 matio: improper null termination in
Mat_VarReadNextInfo4 in mat4.c leads to heap-based overflow [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1769548
[ 3 ] Bug #1769550 - CVE-2019-17533 matio: improper null termination in
Mat_VarReadNextInfo4 in mat4.c leads to heap-based overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1769550
[ 4 ] Bug #1792008 - CVE-2019-20019 matio: excessive memory allocation in
Mat_VarRead5 in mat5.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1792008
[ 5 ] Bug #1792009 - CVE-2019-20019 matio: excessive memory allocation in
Mat_VarRead5 in mat5.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1792009
[ 6 ] Bug #1792295 - CVE-2019-20020 matio: stack-based buffer overflow in
ReadNextStructField in mat5.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1792295
[ 7 ] Bug #1792296 - CVE-2019-20020 matio: stack-based buffer overflow in
ReadNextStructField in mat5.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1792296
[ 8 ] Bug #1792301 - CVE-2019-20018 matio: stack-based buffer overflow in
ReadNextCell in mat5.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1792301
[ 9 ] Bug #1792303 - CVE-2019-20018 matio: stack-based buffer overflow in
ReadNextCell in mat5.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1792303
[ 10 ] Bug #1792333 - CVE-2019-20017 matio: stack-based buffer overflow in
Mat_VarReadNextInfo5 in mat5.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1792333
[ 11 ] Bug #1792336 - CVE-2019-20017 matio: stack-based buffer overflow in
Mat_VarReadNextInfo5 in mat5.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1792336
[ 12 ] Bug #1794726 - CVE-2019-20052 matio: memory leak in Mat_VarCalloc in
mat.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1794726
[ 13 ] Bug #1794727 - CVE-2019-20052 matio: memory leak in Mat_VarCalloc in
mat.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1794727
[ 14 ] Bug #1880167 - matio-1.5.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1880167
--------------------------------------------------------------------------------
================================================================================
nordugrid-arc-6.7.0-4.el8 (FEDORA-EPEL-2020-296f3d7907)
Advanced Resource Connector Middleware
--------------------------------------------------------------------------------
Update Information:
xrootd 5
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 28 2020 Mattias Ellert <[email protected]> - 6.7.0-4
- xrootd 5 compatibility
* Tue Jul 28 2020 Fedora Release Engineering <[email protected]> -
6.7.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 27 2020 Jeff Law <[email protected]> - 6.7.0-2
- Always specify C++11 or C++14 rather than using the default
(which will be C++17 in the near future and this code is not C++17
ready).
--------------------------------------------------------------------------------
================================================================================
proxytunnel-1.10.20200907-1.el8 (FEDORA-EPEL-2020-7416e3e2e2)
Tool to tunnel a connection through an standard HTTP(S) proxy
--------------------------------------------------------------------------------
Update Information:
Remove patches
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
python-afsapi-0.0.4-1.el8 (FEDORA-EPEL-2020-7f16bcf5fc)
Python wrapper for the Frontier Silicon API
--------------------------------------------------------------------------------
Update Information:
Initial package for Fedora
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
python-spnego-0.1.1-2.el8 (FEDORA-EPEL-2020-d87e7a0b5e)
Windows Negotiate Authentication Client and Server
--------------------------------------------------------------------------------
Update Information:
Add missing BR (rhbz#1876588)
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
root-6.22.02-2.el8 (FEDORA-EPEL-2020-296f3d7907)
Numerical data analysis framework
--------------------------------------------------------------------------------
Update Information:
xrootd 5
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 30 2020 Mattias Ellert <[email protected]> - 6.22.02-2
- Adapt to xrootd 5 (Fedora 33+, EPEL 7+)
- Don't build the old proof client (xproofd)
- Don't build the old NetX module
--------------------------------------------------------------------------------
================================================================================
xrdcl-http-5.0.2-1.el8 (FEDORA-EPEL-2020-296f3d7907)
HTTP client plug-in for XRootD
--------------------------------------------------------------------------------
Update Information:
xrootd 5
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 18 2020 Mattias Ellert <[email protected]> - 5.0.2-1
- Update to version 5.0.2
- Drop patches (accepted upstream or previously backported)
* Thu Aug 27 2020 Mattias Ellert <[email protected]> - 5.0.1-1
- Update to version 5.0.1
- Don't use versioned plugin names in configuration
- Backport plugin version change from git master
* Sat Aug 1 2020 Fedora Release Engineering <[email protected]> -
4.12.2-3
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <[email protected]> -
4.12.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
xrootd-5.0.2-1.el8 (FEDORA-EPEL-2020-296f3d7907)
Extended ROOT file server
--------------------------------------------------------------------------------
Update Information:
xrootd 5
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 18 2020 Mattias Ellert <[email protected]> - 1:5.0.2-1
- Update to version 5.0.2
- Drop patches (accepted upstream or previously backported)
- Obsolete xrdhttpvoms in xrootd-voms package
* Thu Aug 27 2020 Mattias Ellert <[email protected]> - 1:5.0.1-1
- Update to version 5.0.1
- Remove conditionals for building on EPEL 6
- Drop patches (accepted upstream or previously backported)
- Fix 32 bit compilation (format error)
- Fix compilation on ARM, PPC and S390X (char is unsigned)
--------------------------------------------------------------------------------
================================================================================
yadifa-2.3.10-1.el8 (FEDORA-EPEL-2020-afb8e51e66)
Lightweight authoritative Name Server with DNSSEC capabilities
--------------------------------------------------------------------------------
Update Information:
20200915: YADIFA 2.3.10 - Added an autogen.sh script, as we did for
YADIFA 2.4.x - Fixes an issue with IPv6 aliases. - Fixes an issue
that would happen when building with a gcc version 10 or above. - Fixes
an issue with FreeBSD aliases. - Fixes an issue with strncpy on FreeBSD.
- Fixes an issue with CNAME queries incorrectly answered with an error
code.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 17 2020 Denis Fateyev <[email protected]> - 2.3.10-1
- Update to 2.3.10 release
* Wed Jul 29 2020 Fedora Release Engineering <[email protected]> -
2.3.9-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Fri Feb 28 2020 Denis Fateyev <[email protected]> - 2.3.9-4
- Add "legacy_common_support" build option
* Fri Jan 31 2020 Fedora Release Engineering <[email protected]> -
2.3.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1879172 - yadifa-2.3.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1879172
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
