The following Fedora EPEL 7 Security updates need testing:
Age URL
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-93154093e5
radare2-5.6.0-2.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-5af404a521
varnish-4.0.5-2.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-a22d89c069
snapd-2.54.3-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
llvm13-13.0.1-1.el7
netdata-1.33.1-1.el7
rust-1.58.1-1.el7
scitokens-cpp-0.7.0-1.el7
Details about builds:
================================================================================
llvm13-13.0.1-1.el7 (FEDORA-EPEL-2022-dc3bd1f656)
The Low Level Virtual Machine
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2022-21658, a TOCTOU race condition in
`std::fs::remove_dir_all`. Privileged programs should be rebuilt if they use
this function on paths that may be manipulated with lesser privileges. For more
details, see the upstream [security advisory](https://blog.rust-
lang.org/2022/01/20/cve-2022-21658.html). Additional features from 1.58.0: *
Captured identifiers in format strings * More `#[must_use]` in the standard
library * Stabilized APIs See the [blog post](https://blog.rust-
lang.org/2022/01/13/Rust-1.58.0.html) and [release
notes](https://github.com/rust-
lang/rust/blob/master/RELEASES.md#version-1580-2022-01-13) for more details.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Josh Stone <[email protected]> - 13.0.1-1
- 13.0.1 Release, ported to epel7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2041504 - CVE-2022-21658 rust: Race condition in remove_dir_all
leading to removal of files outside of the directory being removed
https://bugzilla.redhat.com/show_bug.cgi?id=2041504
--------------------------------------------------------------------------------
================================================================================
netdata-1.33.1-1.el7 (FEDORA-EPEL-2022-e9efba952e)
Real-time performance monitoring
--------------------------------------------------------------------------------
Update Information:
Update from upstream
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 17 2022 Didier Fabert <[email protected]> 1.33.1-1
- Update from upstream
- Enable el9 build
* Thu Jan 20 2022 Fedora Release Engineering <[email protected]> -
1.32.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2046493 - netdata-1.33.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2046493
--------------------------------------------------------------------------------
================================================================================
rust-1.58.1-1.el7 (FEDORA-EPEL-2022-dc3bd1f656)
The Rust Programming Language
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2022-21658, a TOCTOU race condition in
`std::fs::remove_dir_all`. Privileged programs should be rebuilt if they use
this function on paths that may be manipulated with lesser privileges. For more
details, see the upstream [security advisory](https://blog.rust-
lang.org/2022/01/20/cve-2022-21658.html). Additional features from 1.58.0: *
Captured identifiers in format strings * More `#[must_use]` in the standard
library * Stabilized APIs See the [blog post](https://blog.rust-
lang.org/2022/01/13/Rust-1.58.0.html) and [release
notes](https://github.com/rust-
lang/rust/blob/master/RELEASES.md#version-1580-2022-01-13) for more details.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 20 2022 Josh Stone <[email protected]> - 1.58.1-1
- Update to 1.58.1.
* Thu Jan 13 2022 Josh Stone <[email protected]> - 1.58.0-1
- Update to 1.58.0.
* Wed Jan 5 2022 Josh Stone <[email protected]> - 1.57.0-2
- Add rust-std-static-i686-pc-windows-gnu
- Add rust-std-static-x86_64-pc-windows-gnu
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2041504 - CVE-2022-21658 rust: Race condition in remove_dir_all
leading to removal of files outside of the directory being removed
https://bugzilla.redhat.com/show_bug.cgi?id=2041504
--------------------------------------------------------------------------------
================================================================================
scitokens-cpp-0.7.0-1.el7 (FEDORA-EPEL-2022-7bbf95c6f2)
C++ Implementation of the SciTokens Library
--------------------------------------------------------------------------------
Update Information:
- Changes from static analysis - If only one key is available, do not error on
no kid - Support at+jwt profile
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 18 2022 Derek Weitzel <[email protected]> - 0.7.0-1
- Changes from static analysis
- If only one key is available, do not error on no kid
- Support at+jwt profile
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
