The following Fedora EPEL 9 Security updates need testing:
Age URL
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-0398ebbbfa
w3m-0.5.3-63.git20230121.el9
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-879bfd3d5b
chromium-122.0.6261.128-1.el9
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-626c1844b4
csmock-3.5.3-1.el9
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-684f77a897
podman-tui-1.0.0-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
koji-1.34.0-3.el9
pandoc-2.14.0.3-17.el9
patat-0.8.7.0-4.el9
prometheus-podman-exporter-1.11.0-1.el9
suricata-6.0.17-1.el9
Details about builds:
================================================================================
koji-1.34.0-3.el9 (FEDORA-EPEL-2024-19d54f50cc)
Build system tools
--------------------------------------------------------------------------------
Update Information:
Add back in missing schema files. rhbz#2270743
Update to 1.34.0 + some small patches
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 22 2024 Kevin Fenzi <[email protected]> - 1.34.0-3
- Add back in missing schema files. rhbz#2270743
* Mon Mar 18 2024 Kevin Fenzi <[email protected]> - 1.34.0-2
- Carry scm policy plugin for hub, it's already upstream
- Use dnf5 compatible 'group install' command
- Allow specifying with a tag value what arches noarch builds happen on.
- Fix image-build to not pass units to oz (to avoid GB/GiB issues)
- Fix a typo in scheduler (already upstreamed)
- Add back index for rpminfo table that was mistakenly dropped.
* Thu Jan 25 2024 Kevin Fenzi <[email protected]> - 1.34.0-1
- Update to 1.34.0. Fixes rhbz#2260055
* Thu Jan 25 2024 Fedora Release Engineering <[email protected]> -
1.33.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <[email protected]> -
1.33.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 20 2023 Fedora Release Engineering <[email protected]> -
1.33.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Fri Jul 14 2023 Kevin Fenzi <[email protected]> - 1.33.1-1
- Update to 1.31.1. Fixes rhbz#2222032
* Tue Jun 13 2023 Python Maint <[email protected]> - 1.33.0-2
- Rebuilt for Python 3.12
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2270743 - Missing koji db schema files
https://bugzilla.redhat.com/show_bug.cgi?id=2270743
--------------------------------------------------------------------------------
================================================================================
pandoc-2.14.0.3-17.el9 (FEDORA-EPEL-2024-3e437ee2d0)
Conversion between markup formats
--------------------------------------------------------------------------------
Update Information:
backport pandoc fixes for CVE-2023-35936 and CVE-2023-38745
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 22 2024 Jens Petersen <[email protected]> - 2.14.0.3-17
- backport fixes for CVE-2023-35936 and CVE-2023-38745
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2220872 - TRIAGE pandoc: TRIAGE_CVE-2023-35936 pandoc: allows
attacker to create or overwrite arbitrary files on the system [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2220872
[ 2 ] Bug #2227033 - CVE-2023-38745 pandoc: allows attacker to create or
overwrite arbitrary files on the system [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2227033
--------------------------------------------------------------------------------
================================================================================
patat-0.8.7.0-4.el9 (FEDORA-EPEL-2024-3e437ee2d0)
Terminal-based presentations using Pandoc
--------------------------------------------------------------------------------
Update Information:
backport pandoc fixes for CVE-2023-35936 and CVE-2023-38745
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 17 2022 Jens Petersen <[email protected]> - 0.8.7.0-4
- rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2220872 - TRIAGE pandoc: TRIAGE_CVE-2023-35936 pandoc: allows
attacker to create or overwrite arbitrary files on the system [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2220872
[ 2 ] Bug #2227033 - CVE-2023-38745 pandoc: allows attacker to create or
overwrite arbitrary files on the system [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2227033
--------------------------------------------------------------------------------
================================================================================
prometheus-podman-exporter-1.11.0-1.el9 (FEDORA-EPEL-2024-5d9511ad6e)
Prometheus exporter for podman environment
--------------------------------------------------------------------------------
Update Information:
release v1.11.0
release v1.10.1
release v1.10.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 22 2024 Navid Yaghoobi <[email protected]> - 1.11.0-1
- release v1.11.0
* Sun Mar 17 2024 Navid Yaghoobi <[email protected]> - 1.10.1-1
- release v1.10.1
* Sat Mar 16 2024 Navid Yaghoobi <[email protected]> - 1.10.0-1
- release v1.10.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2268896 - CVE-2024-28180 prometheus-podman-exporter: jose-go:
improper handling of highly compressed data [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2268896
--------------------------------------------------------------------------------
================================================================================
suricata-6.0.17-1.el9 (FEDORA-EPEL-2024-1e7f709e59)
Intrusion Detection System
--------------------------------------------------------------------------------
Update Information:
These are bug fix and security releases including MODERATE, HIGH,
and CRITICAL issues.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 20 2024 Steve Grubb <[email protected]> 6.0.17-1
- New security and bugfix release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2128376 - Please port your pcre dependency to pcre2. Pcre has been
deprecated
https://bugzilla.redhat.com/show_bug.cgi?id=2128376
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
