[EPEL-devel] Fedora EPEL 7 updates-testing report

[updates]

The following Fedora EPEL 7 Security updates need testing:
 Age  URL
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-6395a45cb3   
perl-Image-ExifTool-12.38-1.el7


The following builds have been pushed to Fedora EPEL 7 updates-testing

    liblxi-1.15-1.el7
    miniupnpc-2.0-3.el7

Details about builds:


================================================================================
 liblxi-1.15-1.el7 (FEDORA-EPEL-2022-c1b58fb721)
 Library with simple API for communication with LXI devices
--------------------------------------------------------------------------------
Update Information:

# liblxi v1.15    * Fix meson libtirpc dependency      Remove the hardcoded
include patch to libtirpc and replace it with one dynamically resolved via `pkg-
config`.      The reason for implementing the meson dependency check this way is
to avoid linking with libtirpc because it is broken with regards to its Sun RPC
implementation so instead we link with the RPC implementation which still reside
in glibc. However, glibc removed their RPC header files so we need the headers
from libtirpc.      Further investigation is required to find and fix the bug in
the libtirpc RPC implementation so we can get back to normal. They changed
something moving it out of glibc and they shouldn't have.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jan 23 2022 Robert Scheck <rob...@fedoraproject.org> 1.15-1
- Upgrade to 1.15 (#2043963)
* Sat Jan 22 2022 Robert Scheck <rob...@fedoraproject.org> 1.14-1
- Upgrade to 1.14 (#2042909)
* Thu Jan 20 2022 Fedora Release Engineering <rel...@fedoraproject.org> - 1.13-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <rel...@fedoraproject.org> - 1.13-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <rel...@fedoraproject.org> - 1.13-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <rel...@fedoraproject.org> - 1.13-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jan 29 2020 Fedora Release Engineering <rel...@fedoraproject.org> - 1.13-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jul 25 2019 Fedora Release Engineering <rel...@fedoraproject.org> - 1.13-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb  1 2019 Fedora Release Engineering <rel...@fedoraproject.org> - 1.13-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <rel...@fedoraproject.org> - 1.13-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2043963 - liblxi-1.15 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2043963
--------------------------------------------------------------------------------


================================================================================
 miniupnpc-2.0-3.el7 (FEDORA-EPEL-2022-4069001f10)
 Library and tool to control NAT in UPnP-enabled routers
--------------------------------------------------------------------------------
Update Information:

- Clean up SPEC file. - Add patch to fix CVE-2017-1000494 (backported from 2.1).
- Add patch to fix CVE-2017-8798 (backported from 2.1). - Drop conditions for
Python 3 etc, other branches have moved forward.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jan 30 2022 Simone Caronni <negativ...@gmail.com> - 2.0-3
- Add patch to fix CVE-2017-8798 (backported from 2.1).
* Sun Jan 30 2022 Simone Caronni <negativ...@gmail.com> - 2.0-2
- Clean up SPEC file.
- Add patch to fix CVE-2017-1000494 (backported from 2.1).
- Drop conditions for Python 3 etc, other branches have moved forward.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1450064 - CVE-2017-8798 miniupnpc: Integer signedness error 
[epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1450064
  [ 2 ] Bug #1532504 - CVE-2017-1000494 miniupnpc: Multiple vulnerabilities can 
allow a remote attacker to cause a denial of service or potentially execute 
code [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1532504
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure