The following Fedora EPEL 8 Security updates need testing:
 Age  URL
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-99a9054ad1   netatalk-3.1.18-1.el8
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-f2e087c62d   chromium-117.0.5938.149-1.el8
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-18e8d4f55b   mbedtls-2.28.5-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
apptainer-1.2.4-1.el8
gaupol-1.13-1.el8
libcue-2.3.0-1.el8
python-virt-firmware-23.10-2.el8
trafficserver-9.2.3-1.el8
Details about builds:
================================================================================
apptainer-1.2.4-1.el8 (FEDORA-EPEL-2023-a8bb8eef71)
Application and environment virtualization formerly known as Singularity
--------------------------------------------------------------------------------
Update Information:
Update to upstream 1.2.4
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 11 2023 Dave Dykstra <[email protected]> - 1.2.4
- Update to upstream 1.2.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2243304 - apptainer-1.2.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2243304
--------------------------------------------------------------------------------
================================================================================
gaupol-1.13-1.el8 (FEDORA-EPEL-2023-cbfe405dc2)
Editor for text-based subtitle files
--------------------------------------------------------------------------------
Update Information:
Update Gaupol to 1.13.

## 2023-10-08: Gaupol 1.13

- Fix translations missing for enums
- Fix Python 3.12 compatibility and drop support for Python < 3.4
- Add Chinese (China) translation
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 11 2023 Benjamin A. Beasley <[email protected]> - 1.13-1
- Update to 1.13 (close RHBZ#2242996)
* Wed Oct 11 2023 Yaakov Selkowitz <[email protected]> - 1.12-4
- Fix flatpak build
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2242996 - gaupol-1.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2242996
--------------------------------------------------------------------------------
================================================================================
libcue-2.3.0-1.el8 (FEDORA-EPEL-2023-2b36013026)
Cue sheet parser library
--------------------------------------------------------------------------------
Update Information:
This update provides a new release of libcue that includes the fix for a serious
security issue that could cause arbitrary code execution, tracked as
CVE-2023-43641. See [this write-up by Kevin Backhouse](https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/)
for details. Thanks to Kevin for discovering the issue
and writing the fix. It also includes another small bug fix.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 10 2023 Adam Williamson <[email protected]> - 2.3.0-1
- New release 2.3.0
- Drop merged patch
* Tue Oct 10 2023 Adam Williamson <[email protected]> - 2.2.1-13
- Fix CVE-2023-43641 (Kevin Backhouse)
* Thu Jul 20 2023 Fedora Release Engineering <[email protected]> - 2.2.1-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering <[email protected]> - 2.2.1-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jul 21 2022 Fedora Release Engineering <[email protected]> - 2.2.1-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <[email protected]> - 2.2.1-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <[email protected]> - 2.2.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <[email protected]> - 2.2.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Aug 4 2020 Robert Scheck <[email protected]> - 2.2.1-6
- Work around CMake out-of-source builds on all branches (#1863986)
* Tue Jul 28 2020 Fedora Release Engineering <[email protected]> - 2.2.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 13 2020 Tom Stellard <[email protected]> - 2.2.1-4
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Wed Jan 29 2020 Fedora Release Engineering <[email protected]> - 2.2.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2243168 - CVE-2023-43641 libcue: a out-of-bounds array access leads to RCE [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2243168
--------------------------------------------------------------------------------
================================================================================
python-virt-firmware-23.10-2.el8 (FEDORA-EPEL-2023-3e327fe8ec)
Tools for virtual machine firmware volumes
--------------------------------------------------------------------------------
Update Information:
update to version 23.10
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 11 2023 Gerd Hoffmann <[email protected]> - 23.10-2
- add pe-inspect to filelist
* Wed Oct 11 2023 Gerd Hoffmann <[email protected]> - 23.10-1
- update to version 23.10
--------------------------------------------------------------------------------
================================================================================
trafficserver-9.2.3-1.el8 (FEDORA-EPEL-2023-e2dd7ffa65)
Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server
--------------------------------------------------------------------------------
Update Information:
Update to upstream 9.2.3
Resolves CVE-2023-44487, CVE-2023-41752, CVE-2023-39456
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 11 2023 Jered Floyd <[email protected]> 9.2.3-1
- Update to upstream 9.2.3
- Resolves CVE-2023-44487, CVE-2023-41752, CVE-2023-39456
* Wed Oct 4 2023 Jered Floyd <[email protected]> 9.2.2-2
- Use OpenSSL 1.1.x from EPEL on RHEL 7 to fix Chrome 117+ bugs
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2242988 - trafficserver-9.2.3-rc0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2242988
[ 2 ] Bug #2243251 - [Major Incident] CVE-2023-44487 trafficserver: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2243251
[ 3 ] Bug #2243252 - [Major Incident] CVE-2023-44487 trafficserver: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2243252
--------------------------------------------------------------------------------