The following Fedora EPEL 7 Security updates need testing:
Age URL
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-7e5dc8aef7
chromium-119.0.6045.159-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
golang-1.20.10-3.el7
php-smarty-gettext-1.7.0-2.el7
Details about builds:
================================================================================
golang-1.20.10-3.el7 (FEDORA-EPEL-2023-1c906d04ee)
The Go Programming Language
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2023-39320, CVE-2023-39318, CVE-2023-39321, CVE-2023-39322,
CVE-2023-39323
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 23 2023 Dave Dykstra <[email protected]> - 1.20.10-3
- Skip ppc64le_cgo_inline_plt test which is failing on el7.
* Thu Nov 23 2023 Dave Dykstra <[email protected]> - 1.20.10-2
- Rebuild to correct day of week on 1.19.13 changelog.
* Thu Nov 23 2023 Dave Dykstra <[email protected]> - 1.20.10-1
- Update to 1.20.10 by doing the equivalent changes done in RedHat ubi8.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2237775 - CVE-2023-39320 golang: cmd/go: go.mod toolchain
directive allows arbitrary execution
https://bugzilla.redhat.com/show_bug.cgi?id=2237775
[ 2 ] Bug #2237776 - CVE-2023-39318 golang: html/template: improper handling
of HTML-like comments within script contexts
https://bugzilla.redhat.com/show_bug.cgi?id=2237776
[ 3 ] Bug #2237777 - CVE-2023-39321 golang: crypto/tls: panic when processing
post-handshake message on QUIC connections
https://bugzilla.redhat.com/show_bug.cgi?id=2237777
[ 4 ] Bug #2237778 - CVE-2023-39322 golang: crypto/tls: lack of a limit on
buffered post-handshake
https://bugzilla.redhat.com/show_bug.cgi?id=2237778
[ 5 ] Bug #2242544 - CVE-2023-39323 golang: cmd/go: line directives allows
arbitrary execution during build
https://bugzilla.redhat.com/show_bug.cgi?id=2242544
--------------------------------------------------------------------------------
================================================================================
php-smarty-gettext-1.7.0-2.el7 (FEDORA-EPEL-2023-976baae7b3)
Gettext support for Smarty
--------------------------------------------------------------------------------
Update Information:
First EPEL 7 build.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 16 2023 Xavier Bachelot <[email protected]> - 1.7.0-2
- Provide autoloader
- Run test suite
* Mon Jul 17 2023 Xavier Bachelot <[email protected]> - 1.7.0-1
- Initial package
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
