The following Fedora EPEL 9 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9c790c33f7 netatalk-3.1.18-1.el9
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-a0ec47d7c6 composer-2.6.5-1.el9
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-61870984c8 mbedtls-2.28.5-1.el9
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-834ef33019 trafficserver-9.2.3-1.el9
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-b4fc9c3fdb libcue-2.3.0-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
chromium-118.0.5993.70-1.el9
distribution-gpg-keys-1.98-1.el9
fedora-license-data-1.32-1.el9
python-bugzilla-3.2.0-8.el9
pythoncapi-compat-0^20231012git99ab0d3-1.el9
rpminspect-1.12.1-1.el9
x2gokdriveclient-0.0.0.1-2.el9
Details about builds:
================================================================================
chromium-118.0.5993.70-1.el9 (FEDORA-EPEL-2023-2e7253946a)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
Update to 118.0.5993.70. Include following security fixes:

- CVE-2023-5218: Use after free in Site Isolation.
- CVE-2023-5487: Inappropriate implementation in Fullscreen.
- CVE-2023-5484: Inappropriate implementation in Navigation.
- CVE-2023-5475: Inappropriate implementation in DevTools.
- CVE-2023-5483: Inappropriate implementation in Intents.
- CVE-2023-5481: Inappropriate implementation in Downloads.
- CVE-2023-5476: Use after free in Blink History.
- CVE-2023-5474: Heap buffer overflow in PDF.
- CVE-2023-5479: Inappropriate implementation in Extensions API.
- CVE-2023-5485: Inappropriate implementation in Autofill.
- CVE-2023-5478: Inappropriate implementation in Autofill.
- CVE-2023-5477: Inappropriate implementation in Installer.
- CVE-2023-5486: Inappropriate implementation in Input.
- CVE-2023-5473: Use after free in Cast.

----

update to 117.0.5938.149.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 11 2023 Than Ngo <than(a)redhat.com> - 118.0.5993.70-1
- update to 118.0.5993.70
- CVE-2023-5218: Use after free in Site Isolation.
- CVE-2023-5487: Inappropriate implementation in Fullscreen.
- CVE-2023-5484: Inappropriate implementation in Navigation.
- CVE-2023-5475: Inappropriate implementation in DevTools.
- CVE-2023-5483: Inappropriate implementation in Intents.
- CVE-2023-5481: Inappropriate implementation in Downloads.
- CVE-2023-5476: Use after free in Blink History.
- CVE-2023-5474: Heap buffer overflow in PDF.
- CVE-2023-5479: Inappropriate implementation in Extensions API.
- CVE-2023-5485: Inappropriate implementation in Autofill.
- CVE-2023-5478: Inappropriate implementation in Autofill.
- CVE-2023-5477: Inappropriate implementation in Installer.
- CVE-2023-5486: Inappropriate implementation in Input.
- CVE-2023-5473: Use after free in Cast.
* Sat Oct 7 2023 Than Ngo <than(a)redhat.com> - 118.0.5993.54-1
- update to 118.0.5993.54
- drop use_gnome_keyring as it's removed by upstream
* Thu Oct 5 2023 Than Ngo <than(a)redhat.com> - 117.0.5938.149-1
- update to 117.0.5938.149
- fix CVE-2023-5346: Type Confusion in V8
* Fri Sep 29 2023 Than Ngo <than(a)redhat.com> - 117.0.5938.132-2
- add workaround for the crash on BTI capable system
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2242073 - CVE-2023-5346 chromium: chromium-browser: Type Confusion in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2242073
[ 2 ] Bug #2242074 - CVE-2023-5346 chromium: chromium-browser: Type Confusion in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2242074
--------------------------------------------------------------------------------
================================================================================
distribution-gpg-keys-1.98-1.el9 (FEDORA-EPEL-2023-962845bffd)
GPG keys of various Linux distributions
--------------------------------------------------------------------------------
Update Information:
Automatic update for distribution-gpg-keys-1.98-1.el9.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 12 2023 Miroslav Suchý <msuchy(a)redhat.com> 1.98-1
- update copr keys
- Add openSUSE Backports 2023 key
- Update Amazon Linux 2023 public key
--------------------------------------------------------------------------------
================================================================================
fedora-license-data-1.32-1.el9 (FEDORA-EPEL-2023-fcc2a04979)
Fedora Linux license data
--------------------------------------------------------------------------------
Update Information:
Automatic update for fedora-license-data-1.32-1.el9.

##### **Changelog for fedora-license-data**

```
* Thu Oct 12 2023 Miroslav Suchý <msuchy(a)redhat.com> 1.32-1
- new not allowed license LicenseRef-Riverbank-SIP
- new license: LGPL-2.1-only_WITH_Linux-syscall-note
- new license: LicenseRef-Fedora-Logos
- new license: GPL-3.0-or-later WITH GNU-compiler-exception
- new license: HPND-doc-sell
- new license: BSD-3-Clause-flex
- new license: HPND-doc
- new license: LGPL-2.1-or-later WITH GCC-exception-2.0
- Add GPL-2.0-or-later WITH GPL-3.0-linking-source-exception
- new license: BSD-3-Clause-HP
- new license: GFDL-1.3-no-invariants-only
- new license: OLDAP-2.7
- new license: Adobe-Utopia
- new license: python-ldap
- new license: lsof
```
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 12 2023 Miroslav Suchý <msuchy(a)redhat.com> 1.32-1
- new not allowed license LicenseRef-Riverbank-SIP
- new license: LGPL-2.1-only_WITH_Linux-syscall-note
- new license: LicenseRef-Fedora-Logos
- new license: GPL-3.0-or-later WITH GNU-compiler-exception
- new license: HPND-doc-sell
- new license: BSD-3-Clause-flex
- new license: HPND-doc
- new license: LGPL-2.1-or-later WITH GCC-exception-2.0
- Add GPL-2.0-or-later WITH GPL-3.0-linking-source-exception
- new license: BSD-3-Clause-HP
- new license: GFDL-1.3-no-invariants-only
- new license: OLDAP-2.7
- new license: Adobe-Utopia
- new license: python-ldap
- new license: lsof
--------------------------------------------------------------------------------
================================================================================
python-bugzilla-3.2.0-8.el9 (FEDORA-EPEL-2023-b40196f3f2)
Python library for interacting with Bugzilla
--------------------------------------------------------------------------------
Update Information:
This update includes a fix which makes it possible to use non-integer strings
when marking a bug as blocking or depending on another bug. This lets you use
aliases, not just bug IDs (so you can set a bug as blocking e.g. "F39Changes" or
"F39FinalBlocker").
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 12 2023 Adam Williamson <awilliam(a)redhat.com> - 3.2.0-8
- Backport PR #190 to allow settings blocks/depends as strings (e.g. aliases)
* Fri Jul 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.2.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jun 13 2023 Python Maint <python-maint(a)redhat.com> - 3.2.0-6
- Rebuilt for Python 3.12
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.2.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.2.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 13 2022 Python Maint <python-maint(a)redhat.com> - 3.2.0-3
- Rebuilt for Python 3.11
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.2.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
pythoncapi-compat-0^20231012git99ab0d3-1.el9 (FEDORA-EPEL-2023-0ea39df536)
Python C API compatibility
--------------------------------------------------------------------------------
Update Information:
Update to `0^20231012git99ab0d3` - Add `PyUnicode_EqualToUTF8()` and
`PyUnicode_EqualToUTF8AndSize()` functions
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 12 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0^20231012git99ab0d3-1
- Update to 0^20231012git99ab0d3
- Add PyUnicode_EqualToUTF8() and PyUnicode_EqualToUTF8AndSize() functions
--------------------------------------------------------------------------------
================================================================================
rpminspect-1.12.1-1.el9 (FEDORA-EPEL-2023-7f0b957677)
Build deviation analysis and compliance tool
--------------------------------------------------------------------------------
Update Information:
Upgrade to rpminspect-1.12.1
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 12 2023 David Cantrell <dcantrell(a)redhat.com> - 1.12.1-1
- Upgrade to rpminspect-1.12.1
* Thu Oct 12 2023 David Cantrell <dcantrell(a)redhat.com> - 1.12-1
- Upgrade to rpminspect-1.12
--------------------------------------------------------------------------------
================================================================================
x2gokdriveclient-0.0.0.1-2.el9 (FEDORA-EPEL-2023-2e4cf06560)
X2Go KDrive Client application
--------------------------------------------------------------------------------
Update Information:
X2Go KDrive client
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 28 2023 Orion Poplawski <orion(a)nwra.com> - 0.0.0.1-2
- Add BR for gcc-c++
- Fix License tag
- Use %global
* Thu Jun 15 2023 Orion Poplawski <orion(a)nwra.com> - 0.0.0.1-1
- Initial Fedora package
--------------------------------------------------------------------------------
The following Fedora EPEL 8 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-99a9054ad1 netatalk-3.1.18-1.el8
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-18e8d4f55b mbedtls-2.28.5-1.el8
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-e2dd7ffa65 trafficserver-9.2.3-1.el8
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-2b36013026 libcue-2.3.0-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
chromium-118.0.5993.70-1.el8
distribution-gpg-keys-1.98-1.el8
fedora-license-data-1.32-1.el8
rpminspect-1.12.1-1.el8
x2gokdriveclient-0.0.0.1-2.el8
Details about builds:
================================================================================
chromium-118.0.5993.70-1.el8 (FEDORA-EPEL-2023-53a7bc5700)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
Update to 118.0.5993.70. Include following security fixes:

- CVE-2023-5218: Use after free in Site Isolation.
- CVE-2023-5487: Inappropriate implementation in Fullscreen.
- CVE-2023-5484: Inappropriate implementation in Navigation.
- CVE-2023-5475: Inappropriate implementation in DevTools.
- CVE-2023-5483: Inappropriate implementation in Intents.
- CVE-2023-5481: Inappropriate implementation in Downloads.
- CVE-2023-5476: Use after free in Blink History.
- CVE-2023-5474: Heap buffer overflow in PDF.
- CVE-2023-5479: Inappropriate implementation in Extensions API.
- CVE-2023-5485: Inappropriate implementation in Autofill.
- CVE-2023-5478: Inappropriate implementation in Autofill.
- CVE-2023-5477: Inappropriate implementation in Installer.
- CVE-2023-5486: Inappropriate implementation in Input.
- CVE-2023-5473: Use after free in Cast.

----

update to 117.0.5938.149.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 11 2023 Than Ngo <than(a)redhat.com> - 118.0.5993.70-1
- update to 118.0.5993.70
- CVE-2023-5218: Use after free in Site Isolation.
- CVE-2023-5487: Inappropriate implementation in Fullscreen.
- CVE-2023-5484: Inappropriate implementation in Navigation.
- CVE-2023-5475: Inappropriate implementation in DevTools.
- CVE-2023-5483: Inappropriate implementation in Intents.
- CVE-2023-5481: Inappropriate implementation in Downloads.
- CVE-2023-5476: Use after free in Blink History.
- CVE-2023-5474: Heap buffer overflow in PDF.
- CVE-2023-5479: Inappropriate implementation in Extensions API.
- CVE-2023-5485: Inappropriate implementation in Autofill.
- CVE-2023-5478: Inappropriate implementation in Autofill.
- CVE-2023-5477: Inappropriate implementation in Installer.
- CVE-2023-5486: Inappropriate implementation in Input.
- CVE-2023-5473: Use after free in Cast.
* Sat Oct 7 2023 Than Ngo <than(a)redhat.com> - 118.0.5993.54-1
- update to 118.0.5993.54
- drop use_gnome_keyring as it's removed by upstream
* Thu Oct 5 2023 Than Ngo <than(a)redhat.com> - 117.0.5938.149-1
- update to 117.0.5938.149
- fix CVE-2023-5346: Type Confusion in V8
* Fri Sep 29 2023 Than Ngo <than(a)redhat.com> - 117.0.5938.132-2
- add workaround for the crash on BTI capable system
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2242073 - CVE-2023-5346 chromium: chromium-browser: Type Confusion in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2242073
[ 2 ] Bug #2242074 - CVE-2023-5346 chromium: chromium-browser: Type Confusion in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2242074
--------------------------------------------------------------------------------
================================================================================
distribution-gpg-keys-1.98-1.el8 (FEDORA-EPEL-2023-6a70cf7c13)
GPG keys of various Linux distributions
--------------------------------------------------------------------------------
Update Information:
Automatic update for distribution-gpg-keys-1.98-1.el8.

##### **Changelog for distribution-gpg-keys**

```
* Thu Oct 12 2023 Miroslav Suchý <msuchy(a)redhat.com> 1.98-1
- update copr keys
- Add openSUSE Backports 2023 key
- Update Amazon Linux 2023 public key
```
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 12 2023 Miroslav Suchý <msuchy(a)redhat.com> 1.98-1
- update copr keys
- Add openSUSE Backports 2023 key
- Update Amazon Linux 2023 public key
--------------------------------------------------------------------------------
================================================================================
fedora-license-data-1.32-1.el8 (FEDORA-EPEL-2023-de7de1f5ac)
Fedora Linux license data
--------------------------------------------------------------------------------
Update Information:
Automatic update for fedora-license-data-1.32-1.el8.

##### **Changelog for fedora-license-data**

```
* Thu Oct 12 2023 Miroslav Suchý <msuchy(a)redhat.com> 1.32-1
- new not allowed license LicenseRef-Riverbank-SIP
- new license: LGPL-2.1-only_WITH_Linux-syscall-note
- new license: LicenseRef-Fedora-Logos
- new license: GPL-3.0-or-later WITH GNU-compiler-exception
- new license: HPND-doc-sell
- new license: BSD-3-Clause-flex
- new license: HPND-doc
- new license: LGPL-2.1-or-later WITH GCC-exception-2.0
- Add GPL-2.0-or-later WITH GPL-3.0-linking-source-exception
- new license: BSD-3-Clause-HP
- new license: GFDL-1.3-no-invariants-only
- new license: OLDAP-2.7
- new license: Adobe-Utopia
- new license: python-ldap
- new license: lsof
```
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 12 2023 Miroslav Suchý <msuchy(a)redhat.com> 1.32-1
- new not allowed license LicenseRef-Riverbank-SIP
- new license: LGPL-2.1-only_WITH_Linux-syscall-note
- new license: LicenseRef-Fedora-Logos
- new license: GPL-3.0-or-later WITH GNU-compiler-exception
- new license: HPND-doc-sell
- new license: BSD-3-Clause-flex
- new license: HPND-doc
- new license: LGPL-2.1-or-later WITH GCC-exception-2.0
- Add GPL-2.0-or-later WITH GPL-3.0-linking-source-exception
- new license: BSD-3-Clause-HP
- new license: GFDL-1.3-no-invariants-only
- new license: OLDAP-2.7
- new license: Adobe-Utopia
- new license: python-ldap
- new license: lsof
--------------------------------------------------------------------------------
================================================================================
rpminspect-1.12.1-1.el8 (FEDORA-EPEL-2023-bc8ed572ed)
Build deviation analysis and compliance tool
--------------------------------------------------------------------------------
Update Information:
Upgrade to rpminspect-1.12.1
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 12 2023 David Cantrell <dcantrell(a)redhat.com> - 1.12.1-1
- Upgrade to rpminspect-1.12.1
* Thu Oct 12 2023 David Cantrell <dcantrell(a)redhat.com> - 1.12-1
- Upgrade to rpminspect-1.12
--------------------------------------------------------------------------------
================================================================================
x2gokdriveclient-0.0.0.1-2.el8 (FEDORA-EPEL-2023-996a36ba43)
X2Go KDrive Client application
--------------------------------------------------------------------------------
Update Information:
X2Go KDrive client
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 28 2023 Orion Poplawski <orion(a)nwra.com> - 0.0.0.1-2
- Add BR for gcc-c++
- Fix License tag
- Use %global
* Thu Jun 15 2023 Orion Poplawski <orion(a)nwra.com> - 0.0.0.1-1
- Initial Fedora package
--------------------------------------------------------------------------------
The following Fedora EPEL 7 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-36e0ca3184 netatalk-3.1.18-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-d499e96867 trafficserver-9.2.3-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-b5d558ab14 libcue-2.2.1-13.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
chromium-118.0.5993.70-1.el7
distribution-gpg-keys-1.98-1.el7
fedora-license-data-1.32-1.el7
nghttp2-1.33.0-1.2.el7
rpminspect-1.12.1-1.el7
Details about builds:
================================================================================
chromium-118.0.5993.70-1.el7 (FEDORA-EPEL-2023-c730ef027d)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
Update to 118.0.5993.70. Include following security fixes:

- CVE-2023-5218: Use after free in Site Isolation.
- CVE-2023-5487: Inappropriate implementation in Fullscreen.
- CVE-2023-5484: Inappropriate implementation in Navigation.
- CVE-2023-5475: Inappropriate implementation in DevTools.
- CVE-2023-5483: Inappropriate implementation in Intents.
- CVE-2023-5481: Inappropriate implementation in Downloads.
- CVE-2023-5476: Use after free in Blink History.
- CVE-2023-5474: Heap buffer overflow in PDF.
- CVE-2023-5479: Inappropriate implementation in Extensions API.
- CVE-2023-5485: Inappropriate implementation in Autofill.
- CVE-2023-5478: Inappropriate implementation in Autofill.
- CVE-2023-5477: Inappropriate implementation in Installer.
- CVE-2023-5486: Inappropriate implementation in Input.
- CVE-2023-5473: Use after free in Cast.

----

update to 117.0.5938.149.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 11 2023 Than Ngo <than(a)redhat.com> - 118.0.5993.70-1
- update to 118.0.5993.70
- CVE-2023-5218: Use after free in Site Isolation.
- CVE-2023-5487: Inappropriate implementation in Fullscreen.
- CVE-2023-5484: Inappropriate implementation in Navigation.
- CVE-2023-5475: Inappropriate implementation in DevTools.
- CVE-2023-5483: Inappropriate implementation in Intents.
- CVE-2023-5481: Inappropriate implementation in Downloads.
- CVE-2023-5476: Use after free in Blink History.
- CVE-2023-5474: Heap buffer overflow in PDF.
- CVE-2023-5479: Inappropriate implementation in Extensions API.
- CVE-2023-5485: Inappropriate implementation in Autofill.
- CVE-2023-5478: Inappropriate implementation in Autofill.
- CVE-2023-5477: Inappropriate implementation in Installer.
- CVE-2023-5486: Inappropriate implementation in Input.
- CVE-2023-5473: Use after free in Cast.
* Sat Oct 7 2023 Than Ngo <than(a)redhat.com> - 118.0.5993.54-1
- update to 118.0.5993.54
- drop use_gnome_keyring as it's removed by upstream
* Thu Oct 5 2023 Than Ngo <than(a)redhat.com> - 117.0.5938.149-1
- update to 117.0.5938.149
- fix CVE-2023-5346: Type Confusion in V8
* Fri Sep 29 2023 Than Ngo <than(a)redhat.com> - 117.0.5938.132-2
- add workaround for the crash on BTI capable system
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2242073 - CVE-2023-5346 chromium: chromium-browser: Type Confusion in V8 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2242073
[ 2 ] Bug #2242074 - CVE-2023-5346 chromium: chromium-browser: Type Confusion in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2242074
--------------------------------------------------------------------------------
================================================================================
distribution-gpg-keys-1.98-1.el7 (FEDORA-EPEL-2023-176b8b9d36)
GPG keys of various Linux distributions
--------------------------------------------------------------------------------
Update Information:
Automatic update for distribution-gpg-keys-1.98-1.el7.

##### **Changelog for distribution-gpg-keys**

```
* Thu Oct 12 2023 Miroslav Suchý <msuchy(a)redhat.com> 1.98-1
- update copr keys
- Add openSUSE Backports 2023 key
- Update Amazon Linux 2023 public key
```
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 12 2023 Miroslav Suchý <msuchy(a)redhat.com> 1.98-1
- update copr keys
- Add openSUSE Backports 2023 key
- Update Amazon Linux 2023 public key
--------------------------------------------------------------------------------
================================================================================
fedora-license-data-1.32-1.el7 (FEDORA-EPEL-2023-a93a09d2b7)
Fedora Linux license data
--------------------------------------------------------------------------------
Update Information:
Automatic update for fedora-license-data-1.32-1.el7.

##### **Changelog for fedora-license-data**

```
* Thu Oct 12 2023 Miroslav Suchý <msuchy(a)redhat.com> 1.32-1
- new not allowed license LicenseRef-Riverbank-SIP
- new license: LGPL-2.1-only_WITH_Linux-syscall-note
- new license: LicenseRef-Fedora-Logos
- new license: GPL-3.0-or-later WITH GNU-compiler-exception
- new license: HPND-doc-sell
- new license: BSD-3-Clause-flex
- new license: HPND-doc
- new license: LGPL-2.1-or-later WITH GCC-exception-2.0
- Add GPL-2.0-or-later WITH GPL-3.0-linking-source-exception
- new license: BSD-3-Clause-HP
- new license: GFDL-1.3-no-invariants-only
- new license: OLDAP-2.7
- new license: Adobe-Utopia
- new license: python-ldap
- new license: lsof
```
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 12 2023 Miroslav Suchý <msuchy(a)redhat.com> 1.32-1
- new not allowed license LicenseRef-Riverbank-SIP
- new license: LGPL-2.1-only_WITH_Linux-syscall-note
- new license: LicenseRef-Fedora-Logos
- new license: GPL-3.0-or-later WITH GNU-compiler-exception
- new license: HPND-doc-sell
- new license: BSD-3-Clause-flex
- new license: HPND-doc
- new license: LGPL-2.1-or-later WITH GCC-exception-2.0
- Add GPL-2.0-or-later WITH GPL-3.0-linking-source-exception
- new license: BSD-3-Clause-HP
- new license: GFDL-1.3-no-invariants-only
- new license: OLDAP-2.7
- new license: Adobe-Utopia
- new license: python-ldap
- new license: lsof
--------------------------------------------------------------------------------
================================================================================
nghttp2-1.33.0-1.2.el7 (FEDORA-EPEL-2023-c21e7d6bd5)
Experimental HTTP/2 client, server and proxy
--------------------------------------------------------------------------------
Update Information:
- fix HTTP/2 Rapid Reset (CVE-2023-44487)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 12 2023 Jan Macku <jamacku(a)redhat.com> - 1.33.0-1.2
- fix HTTP/2 Rapid Reset (CVE-2023-44487)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2242803 - CVE-2023-44487 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
https://bugzilla.redhat.com/show_bug.cgi?id=2242803
--------------------------------------------------------------------------------
================================================================================
rpminspect-1.12.1-1.el7 (FEDORA-EPEL-2023-5e1f6d3acd)
Build deviation analysis and compliance tool
--------------------------------------------------------------------------------
Update Information:
Upgrade to rpminspect-1.12.1
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 12 2023 David Cantrell <dcantrell(a)redhat.com> - 1.12.1-1
- Upgrade to rpminspect-1.12.1
* Thu Oct 12 2023 David Cantrell <dcantrell(a)redhat.com> - 1.12-1
- Upgrade to rpminspect-1.12
--------------------------------------------------------------------------------
Hi,
I'm the maintainer of the `godot` [0] package in Fedora and EPEL7 (as well as the upstream maintainer).
I'm following the documented procedure [1] to retire this package.
The EPEL7 package has been lagging behind for a while and I don't have time to maintain it (and haven't actively maintained it for years already).
There's a number of security issues [2,3,4,5] reported against it due to several outdated vendored dependencies which were not present or compatible in EPEL7 at the time.
The EPEL7 package currently tracks Godot 3.1.2 released in 2019. The latest upstream release is 4.1.2 (from last month) and will find its way to Fedora, but I'm not interested in the effort of porting it to EPEL7.
Given how outdated the version is, and that Godot is a game development application which needs to stay fairly up to date for compatibility with ever changing target platforms, I expect that nobody is actually using it from EPEL7 and adding it there was a mistake when I first packaged Godot for Fedora.
If there are any users of this package, it's easy to download any Godot version from the Godot website, where the Linux binaries are self-contained and portable and should run fine on any EPEL7 system.
Best regards,
Rémi Verschelde / Akien
Godot Engine Project Maintainer
[0] https://src.fedoraproject.org/rpms/godot
[1] https://docs.fedoraproject.org/en-US/epel/epel-policy-retirement/
[2] https://bugzilla.redhat.com/show_bug.cgi?id=2233638
[3] https://bugzilla.redhat.com/show_bug.cgi?id=2241257
[4] https://bugzilla.redhat.com/show_bug.cgi?id=2241808
[5] https://bugzilla.redhat.com/show_bug.cgi?id=2243611
[6] https://godotengine.org/download/archive/
The following Fedora EPEL 9 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9c790c33f7 netatalk-3.1.18-1.el9
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-a0ec47d7c6 composer-2.6.5-1.el9
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-3a968a9e97 chromium-117.0.5938.149-1.el9
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-61870984c8 mbedtls-2.28.5-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
apptainer-1.2.4-1.el9
gaupol-1.13-2.el9
libcue-2.3.0-1.el9
python-ogr-0.47.0-1.el9
python-openslide-1.3.1-3.el9
texlive-extension-20200406-34.el9
tmt-1.28.2-1.el9
trafficserver-9.2.3-1.el9
yt-dlp-2023.10.07-1.el9
Details about builds:
================================================================================
apptainer-1.2.4-1.el9 (FEDORA-EPEL-2023-18afa1ea0d)
Application and environment virtualization formerly known as Singularity
--------------------------------------------------------------------------------
Update Information:
Update to upstream 1.2.4
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 11 2023 Dave Dykstra <dwd(a)fnal.gov> - 1.2.4
- Update to upstream 1.2.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2243304 - apptainer-1.2.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2243304
--------------------------------------------------------------------------------
================================================================================
gaupol-1.13-2.el9 (FEDORA-EPEL-2023-ca38a4f4c4)
Editor for text-based subtitle files
--------------------------------------------------------------------------------
Update Information:
Update Gaupol to 1.13 and add a weak dependency on mpv for media previews.

## 2023-10-08: Gaupol 1.13

- Fix translations missing for enums
- Fix Python 3.12 compatibility and drop support for Python < 3.4
- Add Chinese (China) translation
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 11 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.13-2
- Fedora, EPEL9: add a weak dependency on mpv
- This is upstream’s preferred media player for previews, and the only
supported one packaged in Fedora and EPEL
* Wed Oct 11 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.13-1
- Update to 1.13 (close RHBZ#2242996)
* Wed Oct 11 2023 Yaakov Selkowitz <yselkowi(a)redhat.com> - 1.12-6
- Fix flatpak build
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2242996 - gaupol-1.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2242996
--------------------------------------------------------------------------------
================================================================================
libcue-2.3.0-1.el9 (FEDORA-EPEL-2023-b4fc9c3fdb)
Cue sheet parser library
--------------------------------------------------------------------------------
Update Information:
This update provides a new release of libcue that includes the fix for a serious
security issue that could cause arbitrary code execution, tracked as
CVE-2023-43641. See [this write-up by Kevin
Backhouse](https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/)
for details. Thanks to Kevin for discovering the issue and writing the fix. It
also includes another small bug fix.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 10 2023 Adam Williamson <awilliam(a)redhat.com> - 2.3.0-1
- New release 2.3.0
- Drop merged patch
* Tue Oct 10 2023 Adam Williamson <awilliam(a)redhat.com> - 2.2.1-13
- Fix CVE-2023-43641 (Kevin Backhouse)
* Thu Jul 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.2.1-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.2.1-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.2.1-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.2.1-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2243168 - CVE-2023-43641 libcue: a out-of-bounds array access leads to RCE [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2243168
--------------------------------------------------------------------------------
================================================================================
python-ogr-0.47.0-1.el9 (FEDORA-EPEL-2023-01b34367b7)
One API for multiple git forges
--------------------------------------------------------------------------------
Update Information:
Automatic update for python-ogr-0.47.0-1.el9.
##### **Changelog for python-ogr**
```
* Wed Oct 11 2023 Packit <hello(a)packit.dev> - 0.47.0-1
- Added support for removing users/groups from a project and possibility to check for groups with permissions to modify a PR. (#815)
- Resolves rhbz#2125279
* Fri Oct 06 2023 Packit <hello(a)packit.dev> - 0.46.2-1
- Added missing README to package metadata.
```
----
Automatic update for python-ogr-0.46.2-1.el9.
##### **Changelog for python-ogr**
```
* Fri Oct 06 2023 Packit <hello(a)packit.dev> - 0.46.2-1
- Added missing README to package metadata.
```
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 11 2023 Packit <hello(a)packit.dev> - 0.47.0-1
- Added support for removing users/groups from a project and possibility to check for groups with permissions to modify a PR. (#815)
- Resolves rhbz#2125279
* Fri Oct 6 2023 Packit <hello(a)packit.dev> - 0.46.2-1
- Added missing README to package metadata.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2125279 - python-ogr-0.47.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2125279
--------------------------------------------------------------------------------
================================================================================
python-openslide-1.3.1-3.el9 (FEDORA-EPEL-2023-12a678ef1d)
Python bindings for the OpenSlide library
--------------------------------------------------------------------------------
Update Information:
- Update docs to transform images to sRGB using the default rendering intent of
  the image's ICC profile, rather than absolute colorimetric intent.
- Fix SPDX license identifier.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 11 2023 Benjamin Gilbert <bgilbert(a)backtick.net> - 1.3.1-3
- Use correct SPDX license identifier
* Sun Oct 8 2023 Benjamin Gilbert <bgilbert(a)backtick.net> - 1.3.1-2
- Fix tests on EPEL 9
* Sun Oct 8 2023 Benjamin Gilbert <bgilbert(a)backtick.net> - 1.3.1-1
- New release
- Drop obsolete versioned dependency on OpenSlide
- Drop obsolete Provides/Obsoletes
--------------------------------------------------------------------------------
================================================================================
texlive-extension-20200406-34.el9 (FEDORA-EPEL-2023-856c0e7861)
TeX formatting system
--------------------------------------------------------------------------------
Update Information:
added texlive-boondox, texlive-fontaxes, texlive-IEEEtran and texlive-newtx
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 11 2023 Than Ngo <than(a)redhat.com> - 20200406-34
- fixed bz#2242153, add support of IEEEtran, boondox, fontaxes, newtx
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2242153 - Please branch and build IEEEtrans in epel9
https://bugzilla.redhat.com/show_bug.cgi?id=2242153
--------------------------------------------------------------------------------
================================================================================
tmt-1.28.2-1.el9 (FEDORA-EPEL-2023-d3ffb2a15b)
Test Management Tool
--------------------------------------------------------------------------------
Update Information:
Automatic update for tmt-1.28.2-1.el9.
##### **Changelog for tmt**
```
* Wed Oct 11 2023 Petr Šplíchal <psplicha(a)redhat.com> - 1.28.2
- Build man page during the `release` action
* Wed Oct 11 2023 Petr Šplíchal <psplicha(a)redhat.com> - 1.28.1
- Remove the `.dev0` suffix from the spec `Version`
* Fri Oct 06 2023 Petr Šplíchal <psplicha(a)redhat.com> - 1.28.0
- Update the `release` action with `hatch` changes
- Fix the multihost web test to work with container
- Add `skip` as a supported custom result outcome
- Add docs for the new `--update-missing` option
- Remove irrelevant mention of `rhel-8` in the spec
- Record start/end time & duration of test checks
- Add `--update-missing` to update phase fields only when not set by fmf
- Add --skip-prepare-verify-ssh and --post-install-script to artemis plugin (#2347)
- Force tmt-link pre-commit to use fmf 1.3.0 which brings new features (#2376)
- Add logging of applied adjust rules
- Handle all context dimension values case insensitive
- Hide `OPTIONLESS_FIELDS` from `tmt plan show`
- Add context into the `html` report
- Display test check results in `display` report output
- Fix creation of guest data from plugin options
- Allow wider output
- Beaker plugin is negating Beaker operators by default
- Include link to the data directory in the html report
- Teach logging methods to handle common types
- Move the copr repository to the `teemtee` group
- Add a new `cpu` property `stepping` to hardware
- Extract beakerlib phase name to a failure log
- Always show the real beaker job id
- Create a production copr build for each release
- AVC denials check for tests (#2331)
- Add nice & colorful help to "make" targets
- Include more dependencies in the dev environment
- Stop using the `_version.py` file
- Replace `opt()` for `--dry/--force` with properties
- Update build names for copr/main and pull requests
- Use `hatch` and `pyproject`, refactor `tmt.spec`
- Use dataclass for log record details instead of typed dict
- Refactor html report plugin to use existing template rendering
- Narrow type of hardware constraint variants
- Refactor parameters of `Plan._iter_steps()`
- Use `format_value()` instead of `pprint()`
- Use the minimal plan to test imported plan execution
- Refactor exception rendering to use generators
- Add the `export` callback for fields (#2288)
- Update a verified-by link for the beaker provision
- Multi-string help texts converted to multiline strings
- Make the upload to PyPI working again
- Hide command event debug logs behind a log topic (#2281)
- Replace `pkg_resources` with `importlib.resources`
- Wrap `click.Choice` use with `choices` parameter
- Lower unnecessary verbosity of podman commands
- Move check-related code into `tmt.checks`
- Disable `systemd-resolved` to prevent dns failures
- Adjust test coverage for deep beakerlib libraries
- Document migration from provision.fmf to tmt (#2325)
- Remove TBD of initiator context for Packit
- Fix output indentation of imported plans
- Copr repo with a group owner requires quotes
```
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 11 2023 Petr Šplíchal <psplicha(a)redhat.com> - 1.28.2
- Build man page during the `release` action
* Wed Oct 11 2023 Petr Šplíchal <psplicha(a)redhat.com> - 1.28.1
- Remove the `.dev0` suffix from the spec `Version`
* Fri Oct 6 2023 Petr Šplíchal <psplicha(a)redhat.com> - 1.28.0
- Update the `release` action with `hatch` changes
- Fix the multihost web test to work with container
- Add `skip` as a supported custom result outcome
- Add docs for the new `--update-missing` option
- Remove irrelevant mention of `rhel-8` in the spec
- Record start/end time & duration of test checks
- Add `--update-missing` to update phase fields only when not set by fmf
- Add --skip-prepare-verify-ssh and --post-install-script to artemis plugin (#2347)
- Force tmt-link pre-commit to use fmf 1.3.0 which brings new features (#2376)
- Add logging of applied adjust rules
- Handle all context dimension values case insensitive
- Hide `OPTIONLESS_FIELDS` from `tmt plan show`
- Add context into the `html` report
- Display test check results in `display` report output
- Fix creation of guest data from plugin options
- Allow wider output
- Beaker plugin is negating Beaker operators by default
- Include link to the data directory in the html report
- Teach logging methods to handle common types
- Move the copr repository to the `teemtee` group
- Add a new `cpu` property `stepping` to hardware
- Extract beakerlib phase name to a failure log
- Always show the real beaker job id
- Create a production copr build for each release
- AVC denials check for tests (#2331)
- Add nice & colorful help to "make" targets
- Include more dependencies in the dev environment
- Stop using the `_version.py` file
- Replace `opt()` for `--dry/--force` with properties
- Update build names for copr/main and pull requests
- Use `hatch` and `pyproject`, refactor `tmt.spec`
- Use dataclass for log record details instead of typed dict
- Refactor html report plugin to use existing template rendering
- Narrow type of hardware constraint variants
- Refactor parameters of `Plan._iter_steps()`
- Use `format_value()` instead of `pprint()`
- Use the minimal plan to test imported plan execution
- Refactor exception rendering to use generators
- Add the `export` callback for fields (#2288)
- Update a verified-by link for the beaker provision
- Multi-string help texts converted to multiline strings
- Make the upload to PyPI working again
- Hide command event debug logs behind a log topic (#2281)
- Replace `pkg_resources` with `importlib.resources`
- Wrap `click.Choice` use with `choices` parameter
- Lower unnecessary verbosity of podman commands
- Move check-related code into `tmt.checks`
- Disable `systemd-resolved` to prevent dns failures
- Adjust test coverage for deep beakerlib libraries
- Document migration from provision.fmf to tmt (#2325)
- Remove TBD of initiator context for Packit
- Fix output indentation of imported plans
- Copr repo with a group owner requires quotes
--------------------------------------------------------------------------------
================================================================================
trafficserver-9.2.3-1.el9 (FEDORA-EPEL-2023-834ef33019)
Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server
--------------------------------------------------------------------------------
Update Information:
Update to upstream 9.2.3
Resolves CVE-2023-44487, CVE-2023-41752, CVE-2023-39456
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 11 2023 Jered Floyd <jered(a)redhat.com> 9.2.3-1
- Update to upstream 9.2.3
- Resolves CVE-2023-44487, CVE-2023-41752, CVE-2023-39456
* Wed Oct 4 2023 Jered Floyd <jered(a)redhat.com> 9.2.2-2
- Use OpenSSL 1.1.x from EPEL on RHEL 7 to fix Chrome 117+ bugs
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2242988 - trafficserver-9.2.3-rc0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2242988
[ 2 ] Bug #2243251 - [Major Incident] CVE-2023-44487 trafficserver: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2243251
[ 3 ] Bug #2243252 - [Major Incident] CVE-2023-44487 trafficserver: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2243252
--------------------------------------------------------------------------------
================================================================================
yt-dlp-2023.10.07-1.el9 (FEDORA-EPEL-2023-f06290bec2)
A command-line program to download videos from online video platforms
--------------------------------------------------------------------------------
Update Information:
Update to 2023.10.07.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 11 2023 Marcus Müller <marcus_fedora(a)baseband.digital> - 2023.10.07-1
- Update to 2023.10.07.
- Fixes rhbz#2243274
- Fixes rhbz#2240465
* Sat Jul 22 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2023.07.06-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2240465 - yt-dlp-2023.10.07 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2240465
[ 2 ] Bug #2243274 - yt-dlp 2023.07.06 broken on YouTube Playlist links
https://bugzilla.redhat.com/show_bug.cgi?id=2243274
--------------------------------------------------------------------------------
The following Fedora EPEL 7 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-36e0ca3184 netatalk-3.1.18-1.el7
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-0d68b0d3aa chromium-117.0.5938.149-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
apptainer-1.2.4-1.el7
libcue-2.2.1-13.el7
stb-0-0.27.20231009gitc4bbb6e.el7
trafficserver-9.2.3-1.el7
Details about builds:
================================================================================
apptainer-1.2.4-1.el7 (FEDORA-EPEL-2023-9351dc66e0)
Application and environment virtualization formerly known as Singularity
--------------------------------------------------------------------------------
Update Information:
Update to upstream 1.2.4
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 11 2023 Dave Dykstra <dwd(a)fnal.gov> - 1.2.4
- Update to upstream 1.2.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2243304 - apptainer-1.2.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2243304
--------------------------------------------------------------------------------
================================================================================
libcue-2.2.1-13.el7 (FEDORA-EPEL-2023-b5d558ab14)
Cue sheet parser library
--------------------------------------------------------------------------------
Update Information:
This update backports the fix for a serious security issue that could cause
arbitrary code execution, tracked as CVE-2023-43641. See [this write-up by Kevin Backhouse](https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/)
for details. Thanks to Kevin for discovering the issue and writing the fix.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 10 2023 Adam Williamson <awilliam(a)redhat.com> - 2.2.1-13
- Fix CVE-2023-43641 (Kevin Backhouse)
* Thu Jul 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.2.1-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.2.1-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.2.1-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.2.1-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.2.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.2.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Aug 4 2020 Robert Scheck <robert(a)fedoraproject.org> - 2.2.1-6
- Work around CMake out-of-source builds on all branches (#1863986)
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.2.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 13 2020 Tom Stellard <tstellar(a)redhat.com> - 2.2.1-4
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.2.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2243168 - CVE-2023-43641 libcue: a out-of-bounds array access leads to RCE [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2243168
--------------------------------------------------------------------------------
================================================================================
stb-0-0.27.20231009gitc4bbb6e.el7 (FEDORA-EPEL-2023-c43dcce45f)
Single-file public domain libraries for C/C++
--------------------------------------------------------------------------------
Update Information:
A new parallel-installable stb_image_resize2 library is added
(stb_image_resize2-devel). It should provide significantly better performance;
the API is similar but not compatible. The original stb_image_resize library is
deprecated by the author, but will continue to be packaged as
stb_image_resize-devel for the foreseeable future.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 10 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0-0.27.20231009gitc4bbb6e
- Update to 0^20231009gitc4bbb6e
- A new stb_image_resize2 library is introduced
- Upstream has deprecated stb_image_resize, but we still package it
--------------------------------------------------------------------------------
================================================================================
trafficserver-9.2.3-1.el7 (FEDORA-EPEL-2023-d499e96867)
Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server
--------------------------------------------------------------------------------
Update Information:
Update to upstream 9.2.3
Resolves CVE-2023-44487, CVE-2023-41752, CVE-2023-39456
----
Use OpenSSL 1.1.x from EPEL on EL7 to enable TLSv1.3 and enable Chrome 117+
workaround
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 11 2023 Jered Floyd <jered(a)redhat.com> 9.2.3-1
- Update to upstream 9.2.3
- Resolves CVE-2023-44487, CVE-2023-41752, CVE-2023-39456
* Wed Oct 4 2023 Jered Floyd <jered(a)redhat.com> 9.2.2-2
- Use OpenSSL 1.1.x from EPEL on RHEL 7 to fix Chrome 117+ bugs
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2242988 - trafficserver-9.2.3-rc0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2242988
[ 2 ] Bug #2243251 - [Major Incident] CVE-2023-44487 trafficserver: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2243251
[ 3 ] Bug #2243252 - [Major Incident] CVE-2023-44487 trafficserver: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2243252
--------------------------------------------------------------------------------