The following Fedora EPEL 9 Security updates need testing:
Age URL
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-11c0b9b06a
prometheus-podman-exporter-1.7.0-1.el9
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-8e93f1b716
indent-2.2.13-5.el9
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-5e8a045fdd
atril-1.26.2-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
chromium-121.0.6167.85-1.el9
ddrescue-1.28-1.el9
hatch-1.7.0-14.el9
lightdm-1.30.0-19.el9
linux-sysinfo-snapshot-3.7.6-1.el9
qm-0.6.2-1.el9
rust-sequoia-openpgp-1.18.0-1.el9
xrootd-5.6.6-1.el9
Details about builds:
================================================================================
chromium-121.0.6167.85-1.el9 (FEDORA-EPEL-2024-44533eb648)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
update to 121.0.6167.85 * High CVE-2024-0807: Use after free in WebAudio * High
CVE-2024-0812: Inappropriate implementation in Accessibility * High
CVE-2024-0808: Integer underflow in WebUI * Medium CVE-2024-0810: Insufficient
policy enforcement in DevTools * Medium CVE-2024-0814: Incorrect security UI in
Payments * Medium CVE-2024-0813: Use after free in Reading Mode * Medium
CVE-2024-0806: Use after free in Passwords * Medium CVE-2024-0805: Inappropriate
implementation in Downloads * Medium CVE-2024-0804: Insufficient policy
enforcement in iOS Security UI * Low CVE-2024-0811: Inappropriate implementation
in Extensions API * Low CVE-2024-0809: Inappropriate implementation in Autofill
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 24 2024 Than Ngo <[email protected]> - 121.0.6167.85-1
- update to 121.0.6167.85
* High CVE-2024-0807: Use after free in WebAudio
* High CVE-2024-0812: Inappropriate implementation in Accessibility
* High CVE-2024-0808: Integer underflow in WebUI
* Medium CVE-2024-0810: Insufficient policy enforcement in DevTools
* Medium CVE-2024-0814: Incorrect security UI in Payments
* Medium CVE-2024-0813: Use after free in Reading Mode
* Medium CVE-2024-0806: Use after free in Passwords
* Medium CVE-2024-0805: Inappropriate implementation in Downloads
* Medium CVE-2024-0804: Insufficient policy enforcement in iOS Security UI
* Low CVE-2024-0811: Inappropriate implementation in Extensions API
* Low CVE-2024-0809: Inappropriate implementation in Autofill
* Tue Jan 23 2024 Than Ngo <[email protected]> - 121.0.6167.71-1
- update to 121.0.6167.71
* Tue Jan 23 2024 Fedora Release Engineering <[email protected]> -
120.0.6099.224-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2260066 - CVE-2024-0806 CVE-2024-0807 CVE-2024-0808 CVE-2024-0810
CVE-2024-0812 CVE-2024-0813 CVE-2024-0814 chromium: various flaws [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2260066
--------------------------------------------------------------------------------
================================================================================
ddrescue-1.28-1.el9 (FEDORA-EPEL-2024-deba493214)
Data recovery tool trying hard to rescue data in case of read errors
--------------------------------------------------------------------------------
Update Information:
bugfix relelase
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 26 2024 Michal Ambroz <rebus AT_ seznam.cz> - 1.28-1
- Update to 1.28
* Wed Jan 24 2024 Fedora Release Engineering <[email protected]> - 1.27-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <[email protected]> - 1.27-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jul 19 2023 Fedora Release Engineering <[email protected]> - 1.27-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2259910 - ddrescue-1.28 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2259910
--------------------------------------------------------------------------------
================================================================================
hatch-1.7.0-14.el9 (FEDORA-EPEL-2024-f141b9bc4c)
A modern project, package, and virtual env manager
--------------------------------------------------------------------------------
Update Information:
Minor packaging improvements
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 26 2024 Benjamin A. Beasley <[email protected]> - 1.7.0-14
- Minor packaging improvements
--------------------------------------------------------------------------------
================================================================================
lightdm-1.30.0-19.el9 (FEDORA-EPEL-2024-1134025600)
A cross-desktop Display Manager
--------------------------------------------------------------------------------
Update Information:
- Fix start order with systemd-hostnamed.service in lightdm.service
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 26 2024 Christoph Junghans <[email protected]> - 1.30.0-19
- Fix start order with systemd-hostnamed.service in lightdm.service (bug
#2167386)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2167386 - Login only works on 2nd attempt
https://bugzilla.redhat.com/show_bug.cgi?id=2167386
--------------------------------------------------------------------------------
================================================================================
linux-sysinfo-snapshot-3.7.6-1.el9 (FEDORA-EPEL-2024-62d01a7dc1)
System information snapshot tool for Mellanox adapters
--------------------------------------------------------------------------------
Update Information:
Initial import; Fixes: RHBZ#2260380
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 26 2024 Davide Cavalca <[email protected]> - 3.7.6-1
- Initial import; Fixes: RHBZ#2260380
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2260380 - Review Request: linux-sysinfo-snapshot - System
information snapshot tool for Mellanox adapters
https://bugzilla.redhat.com/show_bug.cgi?id=2260380
--------------------------------------------------------------------------------
================================================================================
qm-0.6.2-1.el9 (FEDORA-EPEL-2024-b8c4773a59)
Containerized environment for running Quality Management software
--------------------------------------------------------------------------------
Update Information:
update to version 0.6.2
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 26 2024 Douglas Schilling Landgraf <[email protected]> - 0.6.2-1
- Update to version v0.6.2
* Thu Jan 18 2024 Douglas Schilling Landgraf <[email protected]> - 0.6.1-1
- Update to version 0.6.1
--------------------------------------------------------------------------------
================================================================================
rust-sequoia-openpgp-1.18.0-1.el9 (FEDORA-EPEL-2024-fb80380ba2)
OpenPGP data types and associated machinery
--------------------------------------------------------------------------------
Update Information:
Update to version 1.18.0.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 26 2024 Fabio Valentini <[email protected]> - 1.18.0-1
- Update to version 1.18.0; Fixes RHBZ#2260491
--------------------------------------------------------------------------------
================================================================================
xrootd-5.6.6-1.el9 (FEDORA-EPEL-2024-d7a6dcb922)
Extended ROOT file server
--------------------------------------------------------------------------------
Update Information:
XRootD 5.6.6
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 26 2024 Mattias Ellert <[email protected]> - 1:5.6.6-1
- Update to version 5.6.6
* Mon Jan 22 2024 Mattias Ellert <[email protected]> - 1:5.6.5-1
- Update to version 5.6.5
- Drop patches accepted upstream
* Wed Jan 17 2024 Mattias Ellert <[email protected]> - 1:5.6.4-2
- Fix printf null pointer error
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
