[EPEL-devel] Fedora EPEL 6 updates-testing report
The following Fedora EPEL 6 Security updates need testing: Age URL 13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-2dbce134fd singularity-3.6.4-1.el6 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b21ed088ad tcpreplay-4.3.3-3.el6 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ca0361c919 lout-3.40-18.el6 The following builds have been pushed to Fedora EPEL 6 updates-testing python-regex-2020.10.23-1.el6 tomcat-7.0.106-1.el6 Details about builds: python-regex-2020.10.23-1.el6 (FEDORA-EPEL-2020-62b3e6fdf6) Alternative regular expression module, to replace re Update Information: Update python-regex to the latest release. ChangeLog: * Wed Oct 28 2020 Thomas Moschny - 2020.10.23-1 - Update to 2020.10.23. tomcat-7.0.106-1.el6 (FEDORA-EPEL-2020-2cde864460) Apache Servlet/JSP Engine, RI for Servlet 3.0/JSP 2.2 API Update Information: This update includes a rebase from 7.0.105 up to 7.0.106. ChangeLog: * Wed Oct 28 2020 Hui Wang - 1:7.0.106-1 - Update to 7.0.106 ___ epel-devel mailing list -- epel-devel@lists.fedoraproject.org To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
[EPEL-devel] Fedora EPEL 7 updates-testing report
The following Fedora EPEL 7 Security updates need testing: Age URL 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-01179f6b9f suricata-4.1.9-1.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-e6c7b4cbec tcpreplay-4.3.3-3.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-284f18e5de lout-3.40-18.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fd6ec50fa5 fastd-21-2.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing chromium-86.0.4240.111-1.el7 perl-HTML-Lint-2.32-7.el7.1 pngcheck-2.3.0-3.el7 Details about builds: chromium-86.0.4240.111-1.el7 (FEDORA-EPEL-2020-3157c3d291) A WebKit (Blink) powered web browser Update Information: Update to Chromium 86. A few big things here: 1. Upstream has made hardware accelerated video support (VAAPI) for Linux possible without patches. One key difference is that the patchset used previously in Fedora enabled it by default and upstream's approach disables it by default. To enable Hardware accelerated video in chromium, open this link in chromium: chrome://flags/#enable- accelerated-video-decode Be sure it is turned on. Note that not all GPUs are supported. 2. All the security fixes you expect with a major release: CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970 CVE-2020-15971 CVE-2020-15972 CVE-2020-15990 CVE-2020-15991 CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976 CVE-2020-6557 CVE-2020-15977 CVE-2020-15978 CVE-2020-15979 CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983 CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987 CVE-2020-15992 CVE-2020-15988 CVE-2020-15989 CVE-2020-16000 CVE-2020-16001 CVE-2020-16002 CVE-2020-16003 3. The EPEL-7 build no longer requires minizip, because Red Hat removed that package in RHEL 7.9. 4. Without bats acting as pollinators, agave and cacao plants would struggle. That means that bats are responsible for tequila and chocolate. ChangeLog: * Wed Oct 21 2020 Tom Callaway - 86.0.4240.111-1 - update to 86.0.4240.111 * Tue Oct 20 2020 Tom Callaway - 86.0.4240.75-2 - use bundled zlib/minizip on el7 (thanks Red Hat. :P) * Wed Oct 14 2020 Tom Callaway - 86.0.4240.75-1 - update to 86.0.4240.75 * Mon Sep 28 2020 Tom Callaway - 85.0.4183.121-2 - rebuild for libevent References: [ 1 ] Bug #1885883 - CVE-2020-15967 chromium-browser: Use after free in payments https://bugzilla.redhat.com/show_bug.cgi?id=1885883 [ 2 ] Bug #1885884 - CVE-2020-15968 chromium-browser: Use after free in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1885884 [ 3 ] Bug #1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC https://bugzilla.redhat.com/show_bug.cgi?id=1885885 [ 4 ] Bug #1885886 - CVE-2020-15970 chromium-browser: Use after free in NFC https://bugzilla.redhat.com/show_bug.cgi?id=1885886 [ 5 ] Bug #1885887 - CVE-2020-15971 chromium-browser: Use after free in printing https://bugzilla.redhat.com/show_bug.cgi?id=1885887 [ 6 ] Bug #1885888 - CVE-2020-15972 chromium-browser: Use after free in audio https://bugzilla.redhat.com/show_bug.cgi?id=1885888 [ 7 ] Bug #1885889 - CVE-2020-15990 chromium-browser: Use after free in autofill https://bugzilla.redhat.com/show_bug.cgi?id=1885889 [ 8 ] Bug #1885890 - CVE-2020-15991 chromium-browser: Use after free in password manager https://bugzilla.redhat.com/show_bug.cgi?id=1885890 [ 9 ] Bug #1885891 - CVE-2020-15973 chromium-browser: Insufficient policy enforcement in extensions https://bugzilla.redhat.com/show_bug.cgi?id=1885891 [ 10 ] Bug #1885892 - CVE-2020-15974 chromium-browser: Integer overflow in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1885892 [ 11 ] Bug #1885893 - CVE-2020-15975 chromium-browser: Integer overflow in SwiftShader https://bugzilla.redhat.com/show_bug.cgi?id=1885893 [ 12 ] Bug #1885894 - CVE-2020-15976 chromium-browser: Use after free in WebXR https://bugzilla.redhat.com/show_bug.cgi?id=1885894 [ 13 ] Bug #1885896 - CVE-2020-6557 chromium-browser: Inappropriate implementation in networking https://bugzilla.redhat.com/show_bug.cgi?id=1885896 [ 14 ] Bug #1885897 - CVE-2020-15977 chromium-browser: Insufficient data validation in dialogs https://bugzilla.redhat.com/show_bug.cgi?id=1885897 [ 15 ] Bug #1885899 - CVE-2020-15978 chromium-browser: Insufficient data validation in navigation https://bugzilla.redhat.com/show_bug.cgi?id=1885899 [ 16 ] Bug #1885901 - CVE-2020-15979 chromium-browser: Inappropriate implementation in V8
[EPEL-devel] Fedora EPEL 8 updates-testing report
The following Fedora EPEL 8 Security updates need testing: Age URL 13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-69c0102261 singularity-3.6.4-1.el8 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b7912a8edb suricata-5.0.4-1.el8 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-e85de73cdb pdns-recursor-4.3.5-1.el8 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6ef54b7a2d tcpreplay-4.3.3-3.el8 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-4f4de3554d fastd-21-1.el8 The following builds have been pushed to Fedora EPEL 8 updates-testing chromium-86.0.4240.111-1.el8 perl-HTML-Lint-2.32-7.el8 perl-HTTP-Response-Encoding-0.06-32.el8 perl-Pod-Tests-1.20-6.el8 perl-WWW-Mechanize-1.97-1.el8.1 pngcheck-2.3.0-3.el8 python-nuheat-0.3.0-1.el8 wavemon-0.9.2-1.el8 Details about builds: chromium-86.0.4240.111-1.el8 (FEDORA-EPEL-2020-5f50399d2e) A WebKit (Blink) powered web browser Update Information: Update to Chromium 86. A few big things here: 1. Upstream has made hardware accelerated video support (VAAPI) for Linux possible without patches. One key difference is that the patchset used previously in Fedora enabled it by default and upstream's approach disables it by default. To enable Hardware accelerated video in chromium, open this link in chromium: chrome://flags/#enable- accelerated-video-decode Be sure it is turned on. Note that not all GPUs are supported. 2. All the security fixes you expect with a major release: CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970 CVE-2020-15971 CVE-2020-15972 CVE-2020-15990 CVE-2020-15991 CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976 CVE-2020-6557 CVE-2020-15977 CVE-2020-15978 CVE-2020-15979 CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983 CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987 CVE-2020-15992 CVE-2020-15988 CVE-2020-15989 CVE-2020-16000 CVE-2020-16001 CVE-2020-16002 CVE-2020-16003 3. The EPEL-7 build no longer requires minizip, because Red Hat removed that package in RHEL 7.9. 4. Without bats acting as pollinators, agave and cacao plants would struggle. That means that bats are responsible for tequila and chocolate. ChangeLog: * Wed Oct 21 2020 Tom Callaway - 86.0.4240.111-1 - update to 86.0.4240.111 * Tue Oct 20 2020 Tom Callaway - 86.0.4240.75-2 - use bundled zlib/minizip on el7 (thanks Red Hat. :P) * Wed Oct 14 2020 Tom Callaway - 86.0.4240.75-1 - update to 86.0.4240.75 * Mon Sep 28 2020 Tom Callaway - 85.0.4183.121-2 - rebuild for libevent References: [ 1 ] Bug #1885883 - CVE-2020-15967 chromium-browser: Use after free in payments https://bugzilla.redhat.com/show_bug.cgi?id=1885883 [ 2 ] Bug #1885884 - CVE-2020-15968 chromium-browser: Use after free in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1885884 [ 3 ] Bug #1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC https://bugzilla.redhat.com/show_bug.cgi?id=1885885 [ 4 ] Bug #1885886 - CVE-2020-15970 chromium-browser: Use after free in NFC https://bugzilla.redhat.com/show_bug.cgi?id=1885886 [ 5 ] Bug #1885887 - CVE-2020-15971 chromium-browser: Use after free in printing https://bugzilla.redhat.com/show_bug.cgi?id=1885887 [ 6 ] Bug #1885888 - CVE-2020-15972 chromium-browser: Use after free in audio https://bugzilla.redhat.com/show_bug.cgi?id=1885888 [ 7 ] Bug #1885889 - CVE-2020-15990 chromium-browser: Use after free in autofill https://bugzilla.redhat.com/show_bug.cgi?id=1885889 [ 8 ] Bug #1885890 - CVE-2020-15991 chromium-browser: Use after free in password manager https://bugzilla.redhat.com/show_bug.cgi?id=1885890 [ 9 ] Bug #1885891 - CVE-2020-15973 chromium-browser: Insufficient policy enforcement in extensions https://bugzilla.redhat.com/show_bug.cgi?id=1885891 [ 10 ] Bug #1885892 - CVE-2020-15974 chromium-browser: Integer overflow in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1885892 [ 11 ] Bug #1885893 - CVE-2020-15975 chromium-browser: Integer overflow in SwiftShader https://bugzilla.redhat.com/show_bug.cgi?id=1885893 [ 12 ] Bug #1885894 - CVE-2020-15976 chromium-browser: Use after free in WebXR https://bugzilla.redhat.com/show_bug.cgi?id=1885894 [ 13 ] Bug #1885896 - CVE-2020-6557 chromium-browser: Inappropriate implementation in networking https://bugzilla.redhat.com/show_bug.cgi?id=1885896 [ 14 ] Bug #1885897 - CVE-2020-15977 chromium-browser: Insufficient data validation in dialogs https://bugzilla.redhat.com/show_bug.c