The following Fedora EPEL 8 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-6327fb701b
stb-0-0.45.20240213gitae721c5.el8
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-f7310355bb
djvulibre-3.5.28-5.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
chromium-124.0.6367.155-1.el8
gpgme1.22-1.22.0-2.el8
libavc1394-0.5.4-23.el8
netdata-1.45.4-1.el8
python-tkrzw-0.1.31-1.el8
python39-pyrsistent-epel-0.17.3-1.el8
squashfs-tools-ng-1.3.1-2.el8
tkrzw-1.0.29-1.el8
Details about builds:
================================================================================
chromium-124.0.6367.155-1.el8 (FEDORA-EPEL-2024-ac000e6379)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
update to 124.0.6367.155
High CVE-2024-4558: Use after free in ANGLE
High CVE-2024-4559: Heap buffer overflow in WebAudio
update to 124.0.6367.118
High CVE-2024-4331: Use after free in Picture In Picture
High CVE-2024-4368: Use after free in Dawn
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 8 2024 Than Ngo <t...@redhat.com> - 124.0.6367.155-1
- update to 124.0.6367.155
* High CVE-2024-4558: Use after free in ANGLE
* High CVE-2024-4559: Heap buffer overflow in WebAudio
* Sun May 5 2024 Than Ngo <t...@redhat.com> - 124.0.6367.118-2
- fixed build errors on el8
- refreshed clean_ffmpeg.sh
- added missing files for bundle ffmpeg
* Wed May 1 2024 Than Ngo <t...@redhat.com> - 124.0.6367.118-1
- update to 124.0.6367.118
* High CVE-2024-4331: Use after free in Picture In Picture
* High CVE-2024-4368: Use after free in Dawn
- use system highway
* Sat Apr 27 2024 Than Ngo <t...@redhat.com> - 124.0.6367.91-1
- update to 124.0.6367.91
- fixed bz#2277228 - chromium wrapper causes library issues (symbol lookup
error)
- use system dav1d
* Wed Apr 24 2024 Than Ngo <t...@redhat.com> - 124.0.6367.78-1
- update to 124.0.6367.78
* Critical CVE-2024-4058: Type Confusion in ANGLE
* High CVE-2024-4059: Out of bounds read in V8 API
* High CVE-2024-4060: Use after free in Dawn
* Sat Apr 20 2024 Than Ngo <t...@redhat.com> - 124.0.6367.60-2
- fix waylang regression
* Tue Apr 16 2024 Than Ngo <t...@redhat.com> - 124.0.6367.60-1
- update to 124.0.6367.60
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2274695 - CVE-2023-49528 chromium: FFmpeg: Heap Buffer Overflow
vulnerability [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2274695
[ 2 ] Bug #2275841 - CVE-2024-31578 CVE-2024-31581 CVE-2024-31582
CVE-2024-31585 chromium: ffmpeg: multiple vulnerabilities [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2275841
[ 3 ] Bug #2276116 - CVE-2023-49501 CVE-2023-49502 CVE-2023-51791
CVE-2023-51792 CVE-2023-51793 chromium: ffmpeg: multiple vulnerabilities
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2276116
[ 4 ] Bug #2276123 - CVE-2023-51795 CVE-2023-51796 CVE-2023-51797
CVE-2023-51798 chromium: ffmpeg: multiple vulnerabilites [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2276123
[ 5 ] Bug #2276130 - CVE-2023-50007 CVE-2023-50008 CVE-2023-50009
CVE-2023-50010 chromium: ffmpeg: multiple vulnerabilitites [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2276130
[ 6 ] Bug #2278765 - CVE-2024-4331 chromium: chromium-browser: Use after free
in Picture In Picture [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278765
[ 7 ] Bug #2278766 - CVE-2024-4331 chromium: chromium-browser: Use after free
in Picture In Picture [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278766
[ 8 ] Bug #2278770 - CVE-2024-4368 chromium: chromium-browser: Use after free
in Dawn [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278770
[ 9 ] Bug #2278771 - CVE-2024-4368 chromium: chromium-browser: Use after free
in Dawn [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278771
[ 10 ] Bug #2279687 - CVE-2024-4559 chromium: chromium-browser: Heap buffer
overflow in WebAudio [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279687
[ 11 ] Bug #2279688 - CVE-2024-4559 chromium: chromium-browser: Heap buffer
overflow in WebAudio [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279688
[ 12 ] Bug #2279690 - CVE-2024-4558 chromium: chromium-browser: Use after
free in ANGLE [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279690
--------------------------------------------------------------------------------
================================================================================
gpgme1.22-1.22.0-2.el8 (FEDORA-EPEL-2024-c1583718b9)
GnuPG Made Easy - high level crypto API - version 1.22
--------------------------------------------------------------------------------
Update Information:
Patched so it would build with lower libgpgme-error
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 7 2024 Troy Dawson <tdaw...@redhat.com> - 1.22.0-2
- Patched so it would build with lower libgpgme-error
- Changed variables so it would build on epel8
- Added ldconfig_scriptlets
* Thu Oct 19 2023 Troy Dawson <tdaw...@redhat.com> - 1.22.0-1
- Converted to a forward compat package from Fedora 40 gpgme
--------------------------------------------------------------------------------
================================================================================
libavc1394-0.5.4-23.el8 (FEDORA-EPEL-2024-7bce28f6bd)
Audio/Video Control library for IEEE-1394 devices
--------------------------------------------------------------------------------
Update Information:
Built in EPEL8
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 8 2024 Antonio Trande <sagit...@fedoraproject.org> - 0.5.4-23
- Fix patch command
* Thu Jan 25 2024 Fedora Release Engineering <rel...@fedoraproject.org> -
0.5.4-22
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <rel...@fedoraproject.org> -
0.5.4-21
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 20 2023 Fedora Release Engineering <rel...@fedoraproject.org> -
0.5.4-20
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering <rel...@fedoraproject.org> -
0.5.4-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jul 21 2022 Fedora Release Engineering <rel...@fedoraproject.org> -
0.5.4-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <rel...@fedoraproject.org> -
0.5.4-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <rel...@fedoraproject.org> -
0.5.4-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <rel...@fedoraproject.org> -
0.5.4-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <rel...@fedoraproject.org> -
0.5.4-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu Apr 16 2020 Antonio Trande <sagit...@fedoraproject.org> - 0.5.4-13
- Some minor fixes
* Wed Jan 29 2020 Fedora Release Engineering <rel...@fedoraproject.org> -
0.5.4-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jul 25 2019 Fedora Release Engineering <rel...@fedoraproject.org> -
0.5.4-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 1 2019 Fedora Release Engineering <rel...@fedoraproject.org> -
0.5.4-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <rel...@fedoraproject.org> -
0.5.4-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Feb 22 2018 Antonio Trande <sagit...@fedoraproject.org> - 0.5.4-8
- Add gcc BR
* Fri Feb 16 2018 Antonio Trande <sagit...@fedoraproject.org> - 0.5.4-7
- Use %ldconfig_scriptlets
* Wed Feb 7 2018 Fedora Release Engineering <rel...@fedoraproject.org> -
0.5.4-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug 3 2017 Fedora Release Engineering <rel...@fedoraproject.org> -
0.5.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <rel...@fedoraproject.org> -
0.5.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <rel...@fedoraproject.org> -
0.5.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Sun Aug 21 2016 Antonio Trande <sagit...@fedoraproject.org> - 0.5.4-2
- Some minor fixes
* Sat Aug 20 2016 Antonio Trande <sagit...@fedoraproject.org> - 0.5.4-1
- Update to 0.5.4 (bz#628157)
- Patch updated
- Use %license
* Thu Feb 4 2016 Fedora Release Engineering <rel...@fedoraproject.org> -
0.5.3-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Wed Jun 17 2015 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 0.5.3-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sat Feb 21 2015 Till Maas <opensou...@till.name> - 0.5.3-17
- Rebuilt for Fedora 23 Change
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
* Sun Aug 17 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 0.5.3-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 0.5.3-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Aug 3 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 0.5.3-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Feb 14 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 0.5.3-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Jul 19 2012 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 0.5.3-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jan 13 2012 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 0.5.3-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Mon Feb 7 2011 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 0.5.3-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Fri Jul 24 2009 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 0.5.3-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Wed Jun 10 2009 Jarod Wilson <ja...@redhat.com> 0.5.3-8
- Fix duplicate global symbols in libavc1394 vs. librom1394 (#216143)
* Mon May 18 2009 Jarod Wilson <ja...@redhat.com> 0.5.3-7
- Use included libtool, kill rpath a different way (#225988)
* Mon May 18 2009 Jarod Wilson <ja...@redhat.com> 0.5.3-6
- Fix up merge review issues (#225988)
* Wed Feb 25 2009 Fedora Release Engineering <rel-...@lists.fedoraproject.org>
- 0.5.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Tue Aug 5 2008 Tom "spot" Callaway <tcall...@redhat.com> 0.5.3-4
- fix license tag
* Tue Jul 22 2008 Jarod Wilson <jwil...@redhat.com> 0.5.3-3
- Bump and rebuild for libraw1394 v2.0.0
* Thu Feb 14 2008 Jarod Wilson <jwil...@redhat.com> - 0.5.3-2
- Bump and rebuild with gcc 4.3
* Sun Sep 10 2006 Jarod Wilson <jwil...@redhat.com> - 0.5.3-1
- Upstream release 0.5.3
* Wed Jul 12 2006 Jesse Keating <jkeat...@redhat.com> - 0.5.1-2.2.1
- rebuild
* Fri Feb 10 2006 Jesse Keating <jkeat...@redhat.com> - 0.5.1-2.2
- bump again for double-long bug on ppc(64)
* Tue Feb 7 2006 Jesse Keating <jkeat...@redhat.com> - 0.5.1-2.1
- rebuilt for new gcc4.1 snapshot and glibc changes
* Thu Dec 22 2005 Warren Togami <wtog...@redhat.com> 0.5.1-2
- remove .a and .la (#172641)
- GPL -> LGPL (#165908)
* Fri Dec 9 2005 Jesse Keating <jkeat...@redhat.com>
- rebuilt
* Thu Nov 10 2005 Matthias Saou <http://freshrpms.net/> 0.5.1-1
- Update to 0.5.1.
- Update librom patch to still apply cleanly.
* Sat Oct 15 2005 Florian La Roche <laro...@redhat.com>
- make sure librom1394 is linked to libraw1394 and also
libavc1394 is linked to librom1394 (also bz 156938)
* Wed Mar 16 2005 Elliot Lee <sopw...@redhat.com>
- rebuilt
* Mon Feb 28 2005 Warren Togami <wtog...@redhat.com> 0.4.1-7
- gcc4 rebuild
* Sun Feb 6 2005 Warren Togami <wtog...@redhat.com> 0.4.1-6
- rebuild against new libraw1394
* Mon Jan 3 2005 Colin Walters <walt...@redhat.com> 0.4.1-5
- Rerun autotools in attempt to get package to link to -lm
- Add patch libavc1394-0.4.1-kill-configure-insanity.patch
* Mon Nov 22 2004 Karsten Hopp <kars...@redhat.de> 0.4.1-4
- remove bogus ldconfig after makeinstall
* Fri Jul 30 2004 Florian La Roche <florian.laro...@redhat.de>
- add symlinks for ldconfig
* Tue Jun 15 2004 Elliot Lee <sopw...@redhat.com>
- rebuilt
* Tue Mar 2 2004 Elliot Lee <sopw...@redhat.com>
- rebuilt
* Thu Feb 12 2004 Warren Togami <wtog...@redhat.com> 0.4.1-1
- upgrade to 0.4.1
- Spec cleanups
- License -> Copyright
- Remove INSTALL; Add News, ChangeLog
- Applications/Multimedia -> System Environment/Libraries
* Mon Aug 25 2003 Bill Nottingham <nott...@redhat.com> 0.3.1-7
- fix buildreqs (#102204)
* Wed Jun 4 2003 Elliot Lee <sopw...@redhat.com>
- rebuilt
* Wed Jan 22 2003 Tim Powers <t...@redhat.com>
- rebuilt
* Thu Dec 12 2002 Tim Powers <t...@redhat.com> 0.3.1-4
- rebuild on all arches
* Wed Nov 20 2002 Florian La Roche <florian.laro...@redhat.de>
- exclude mainframe
- allow lib64
* Fri Jun 21 2002 Tim Powers <t...@redhat.com>
- automated rebuild
* Sun Jun 9 2002 Michael Fulbright <m...@redhat.com>
- First RPM build
--------------------------------------------------------------------------------
================================================================================
netdata-1.45.4-1.el8 (FEDORA-EPEL-2024-1a56d4ac2a)
Real-time performance monitoring
--------------------------------------------------------------------------------
Update Information:
Update from upstream
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 9 2024 Didier Fabert <didier.fab...@gmail.com> 1.45.4-1
- Update from upstream
* Sat Apr 13 2024 Didier Fabert <didier.fab...@gmail.com> 1.45.3-1
- Update from upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2279845 - netdata-1.45.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2279845
--------------------------------------------------------------------------------
================================================================================
python-tkrzw-0.1.31-1.el8 (FEDORA-EPEL-2024-00e7b2ad9b)
TKRZW Python bindings
--------------------------------------------------------------------------------
Update Information:
Version bump
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 7 2024 TI_Eugene <ti.eug...@gmail.com> - 0.1.31-1
- Version bump
* Fri Jan 26 2024 Fedora Release Engineering <rel...@fedoraproject.org> -
0.1.30-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 22 2024 Fedora Release Engineering <rel...@fedoraproject.org> -
0.1.30-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jul 21 2023 Fedora Release Engineering <rel...@fedoraproject.org> -
0.1.30-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Jun 14 2023 Python Maint <python-ma...@redhat.com> - 0.1.30-2
- Rebuilt for Python 3.12
--------------------------------------------------------------------------------
================================================================================
python39-pyrsistent-epel-0.17.3-1.el8 (FEDORA-EPEL-2024-87e2cf29f2)
Persistent/Functional/Immutable data structures
--------------------------------------------------------------------------------
Update Information:
Build for EPEL8
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 8 2024 Orion Poplawski <or...@nwra.com> - 0.17.3-1
- Build for EPEL8 Python 3.9
--------------------------------------------------------------------------------
================================================================================
squashfs-tools-ng-1.3.1-2.el8 (FEDORA-EPEL-2024-d7f5d14c5f)
A new set of tools and libraries for working with SquashFS images
--------------------------------------------------------------------------------
Update Information:
Update to upstream 1.3.1 release.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 9 2024 David Trudgian <david.trudg...@sylabs.io> - 1.3.1-1
- Update to upstream 1.3.1 release.
--------------------------------------------------------------------------------
================================================================================
tkrzw-1.0.29-1.el8 (FEDORA-EPEL-2024-00e7b2ad9b)
A straightforward implementation of DBM
--------------------------------------------------------------------------------
Update Information:
Version bump
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 7 2024 TI_Eugene <ti.eug...@gmail.com> - 1.0.29-1
- Version bump
* Sat Jan 27 2024 Fedora Release Engineering <rel...@fedoraproject.org> -
1.0.27-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jul 22 2023 Fedora Release Engineering <rel...@fedoraproject.org> -
1.0.27-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
