The following Fedora EPEL 7 Security updates need testing:
 Age  URL
  23  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-f005e1b879   debmirror-2.35-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-1c90472b95   libopenmpt-0.5.12-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
pspg-5.4.0-1.el7
python3-pillow-6.2.2-3.el7
Details about builds:
================================================================================
pspg-5.4.0-1.el7 (FEDORA-EPEL-2021-7d9e53593a)
A unix pager optimized for psql
--------------------------------------------------------------------------------
Update Information:
new upstream release, per release notes:
https://github.com/okbob/pspg/releases/tag/5.4.0
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 10 2021 Pavel Raiskup <[email protected]> - 5.4.0-1
- new upstream release, per release notes:
https://github.com/okbob/pspg/releases/tag/5.4.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1992579 - pspg-5.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1992579
--------------------------------------------------------------------------------
================================================================================
python3-pillow-6.2.2-3.el7 (FEDORA-EPEL-2021-a3fe2b021b)
Python image processing library
--------------------------------------------------------------------------------
Update Information:
Backport CVE fixes for CVE-2021-23437 (bz#2001911), CVE-2021-28675 (bz#1958243),
CVE-2021-28676 (bz#1958255), CVE-2021-28677 (bz#1958260), CVE-2021-28678
(bz#1958266), CVE-2021-34552 (bz#1982382)
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 9 2021 Orion Poplawski <[email protected]> - 6.2.2-3
- Backport CVE fixes for CVE-2021-23437 (bz#2001911), CVE-2021-28675
(bz#1958243), CVE-2021-28676 (bz#1958255), CVE-2021-28677 (bz#1958260),
CVE-2021-28678 (bz#1958266), CVE-2021-34552 (bz#1982382)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1958243 - CVE-2021-28675 python3-pillow: python-pillow: DoS in
PsdImagePlugin [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1958243
[ 2 ] Bug #1958255 - CVE-2021-28676 python3-pillow: python-pillow: infinite
loop in FliDecode.c can lead to DoS [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1958255
[ 3 ] Bug #1958260 - CVE-2021-28677 python3-pillow: python-pillow: DoS in the
open phase via a malicious EPS file [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1958260
[ 4 ] Bug #1958266 - CVE-2021-28678 python3-pillow: python-pillow: improper
check in BlpImagePlugin can lead to DoS [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1958266
[ 5 ] Bug #1982382 - CVE-2021-34552 python3-pillow: python-pillow: buffer
overflow in Convert.c because it allow an attacker to pass controlled
parameters directly into a convert function [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1982382
[ 6 ] Bug #2001911 - CVE-2021-23437 python3-pillow: python-pillow: possible
ReDoS via the getrgb function [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=2001911
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- [email protected]