The following Fedora EPEL 9 Security updates need testing:
Age URL
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9ca41f1622 libcaca-0.99-0.69.beta20.el9
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-ae01c7c775 oneVPL-2023.3.1-1.el9
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-13e7593253 cacti-1.2.25-1.el9 cacti-spine-1.2.25-1.el9
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-0e8bb46da1 python-waitress-1.4.4-8.el9
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9c790c33f7 netatalk-3.1.18-1.el9
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-a0ec47d7c6 composer-2.6.5-1.el9
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-3a968a9e97 chromium-117.0.5938.149-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
bird-2.14-1.el9
packit-0.83.0-1.el9
powerline-2.8.3-11.el9
python-ogr-0.46.2-1.el9
python-openslide-1.3.1-2.el9
python-xlsxwriter-3.1.6-1.el9
rust-bytecount-0.6.4-1.el9
rust-cargo-platform-0.1.4-1.el9
rust-cargo-util-0.2.6-1.el9
rust-crossbeam-epoch-0.9.15-2.el9
rust-errno-0.3.4-1.el9
rust-hashbrown-0.14.1-1.el9
rust-memchr-2.6.4-1.el9
rust-num-traits-0.2.17-1.el9
rust-pcre2-0.2.5-1.el9
rust-rd-hashd-2.1.2-10.el9
rust-rd-util-2.1.2-8.el9
rust-similar-2.3.0-1.el9
rust-version-sync-0.9.5-1.el9
Details about builds:
================================================================================
bird-2.14-1.el9 (FEDORA-EPEL-2023-fdab3d74e2)
BIRD Internet Routing Daemon
--------------------------------------------------------------------------------
Update Information:
# BIRD 2.14 (2023-10-07)

* MPLS subsystem
* L3VPN: BGP/MPLS VPNs (RFC 4364)
* BGP: Access to unknown route attributes
* RAdv: Custom options
* Babel: RTT metric extension
* BMP: Refactored route monitoring
* BMP: Multiple instances of BMP protocol
* BMP: Both pre-policy and post-policy monitoring
* Experimental route aggregation
* Filter: Method framework
* Filter: Functions have return type statements
* Filter: New bytestring data type
* Kernel: Option to learn kernel routes
* Many bugfixes and improvements

## Notes

User-defined filter functions that return values now should have return type
statements. BIRD still accepts functions without such a statement, if they
could be properly typed.

For loops were allowed to use either existing iterator variables or ones
defined in the for statement. BIRD no longer supports the first case; all
iterator variables must be defined in the for statement (e.g. `for int i in
bgp_path ...`).

Due to an oversight, VRF interfaces were not included in their respective VRFs;
this is fixed now.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 8 2023 Robert Scheck <robert(a)fedoraproject.org> - 2.14-1
- Upgrade to 2.14 (#2242616)
* Wed Jul 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.13.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2242616 - bird-2.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2242616
--------------------------------------------------------------------------------
================================================================================
packit-0.83.0-1.el9 (FEDORA-EPEL-2023-f3c1fcced1)
A tool for integrating upstream projects with Fedora operating system
--------------------------------------------------------------------------------
Update Information:
Automatic update for packit-0.83.0-1.el9.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 6 2023 Packit <hello(a)packit.dev> - 0.83.0-1
- We have fixed an issue that prevented automated allowlisting in the Packit Service. (#2113)
- Packit now also detects resolved bugs in the default update notes (created from changelog diff) and assigns these when submitting the Bodhi updates. (#2111)
- Packit now exports `PACKIT_UPSTREAM_PACKAGE_NAME`, `PACKIT_DOWNSTREAM_PACKAGE_NAME` and `PACKIT_CONFIG_PACKAGE_NAME` also in the `changelog_entry` action. (#2103)
--------------------------------------------------------------------------------
================================================================================
powerline-2.8.3-11.el9 (FEDORA-EPEL-2023-07a031580e)
The ultimate status-line/prompt utility
--------------------------------------------------------------------------------
Update Information:
Review SPDX license identifier; `MIT` is correct
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 7 2023 Christoph Erhardt <fedora(a)sicherha.de> - 2.8.3-11
- Review SPDX license identifier; `MIT` is correct
- Make summary and description of `fonts` subpackage more precise (rhbz#2232553)
* Fri Jul 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.8.3-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Jun 14 2023 Python Maint <python-maint(a)redhat.com> - 2.8.3-9
- Rebuilt for Python 3.12
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.8.3-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.8.3-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jun 23 2022 Christoph Erhardt <fedora(a)sicherha.de> - 2.8.3-6
- Fix build error with Python 3.11 (#2022396)
* Mon Jun 13 2022 Python Maint <python-maint(a)redhat.com> - 2.8.3-5
- Rebuilt for Python 3.11
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2232553 - powerline fonts are not installed
https://bugzilla.redhat.com/show_bug.cgi?id=2232553
--------------------------------------------------------------------------------
================================================================================
python-ogr-0.46.2-1.el9 (FEDORA-EPEL-2023-ca82c896b0)
One API for multiple git forges
--------------------------------------------------------------------------------
Update Information:
Automatic update for python-ogr-0.46.2-1.el9.

##### **Changelog for python-ogr**

```
* Fri Oct 06 2023 Packit <hello(a)packit.dev> - 0.46.2-1
- Added missing README to package metadata.
```
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 6 2023 Packit <hello(a)packit.dev> - 0.46.2-1
- Added missing README to package metadata.
--------------------------------------------------------------------------------
================================================================================
python-openslide-1.3.1-2.el9 (FEDORA-EPEL-2023-ddba9154c2)
Python bindings for the OpenSlide library
--------------------------------------------------------------------------------
Update Information:
Update docs to transform images to sRGB using the default rendering intent of
the image's ICC profile, rather than absolute colorimetric intent.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 8 2023 Benjamin Gilbert <bgilbert(a)backtick.net> - 1.3.1-2
- Fix tests on EPEL 9
* Sun Oct 8 2023 Benjamin Gilbert <bgilbert(a)backtick.net> - 1.3.1-1
- New release
- Drop obsolete versioned dependency on OpenSlide
- Drop obsolete Provides/Obsoletes
--------------------------------------------------------------------------------
================================================================================
python-xlsxwriter-3.1.6-1.el9 (FEDORA-EPEL-2023-1591b09787)
Python module for writing files in the Excel 2007+ XLSX file format
--------------------------------------------------------------------------------
Update Information:
Version 3.1.6: (1) Added support for adding signed VBA macros to workbooks, (2)
Added support for enabling the Excel "Show #N/A as an empty cell" chart option
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 8 2023 Rajeesh K V <rajeeshknambiar(a)gmail.com> - 3.1.6-1
- New release 3.1.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2239417 - python-xlsxwriter-3.1.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2239417
--------------------------------------------------------------------------------
================================================================================
rust-bytecount-0.6.4-1.el9 (FEDORA-EPEL-2023-de2c77d598)
Count occurrences of a given byte, or the number of UTF-8 code points
--------------------------------------------------------------------------------
Update Information:
Update to version 0.6.4.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 8 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.6.4-1
- Update to version 0.6.4; Fixes RHBZ#2241659
* Sun Aug 6 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.6.3-5
- Regenerate with rust2rpm v24
* Fri Jul 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.6.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.6.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-cargo-platform-0.1.4-1.el9 (FEDORA-EPEL-2023-b893e1540f)
Cargo's representation of a target platform
--------------------------------------------------------------------------------
Update Information:
Update to version 0.1.4.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 8 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.1.4-1
- Update to version 0.1.4; Fixes RHBZ#2242663
* Fri Jul 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.1.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-cargo-util-0.2.6-1.el9 (FEDORA-EPEL-2023-a262a2d94d)
Miscellaneous support code used by Cargo
--------------------------------------------------------------------------------
Update Information:
Update to version 0.2.6.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 8 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.2.6-1
- Update to version 0.2.6; Fixes RHBZ#2242664
--------------------------------------------------------------------------------
================================================================================
rust-crossbeam-epoch-0.9.15-2.el9 (FEDORA-EPEL-2023-356e7074a8)
Epoch-based garbage collection
--------------------------------------------------------------------------------
Update Information:
Various fixes for build failures with Rust 1.73+.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 8 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.9.15-2
- Remove redundant clone() call to fix builds with Rust 1.73+
--------------------------------------------------------------------------------
================================================================================
rust-errno-0.3.4-1.el9 (FEDORA-EPEL-2023-00c56491e8)
Cross-platform interface to the errno variable
--------------------------------------------------------------------------------
Update Information:
Update to version 0.3.4.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 8 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.3.4-1
- Update to version 0.3.4; Fixes RHBZ#2241645
--------------------------------------------------------------------------------
================================================================================
rust-hashbrown-0.14.1-1.el9 (FEDORA-EPEL-2023-595f55dacb)
Rust port of Google's SwissTable hash map
--------------------------------------------------------------------------------
Update Information:
Update to version 0.14.1.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 8 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.14.1-1
- Update to version 0.14.1; Fixes RHBZ#2241296
--------------------------------------------------------------------------------
================================================================================
rust-memchr-2.6.4-1.el9 (FEDORA-EPEL-2023-9fd76091a4)
Extremely fast 1, 2 or 3 byte search and single substring search
--------------------------------------------------------------------------------
Update Information:
Update to version 2.6.4.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 8 2023 Fabio Valentini <decathorpe(a)gmail.com> - 2.6.4-1
- Update to version 2.6.4; Fixes RHBZ#2241656
--------------------------------------------------------------------------------
================================================================================
rust-num-traits-0.2.17-1.el9 (FEDORA-EPEL-2023-2fb19ae7f1)
Numeric traits for generic mathematics
--------------------------------------------------------------------------------
Update Information:
Update to version 0.2.17.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 8 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.2.17-1
- Update to version 0.2.17; Fixes RHBZ#2242675
--------------------------------------------------------------------------------
================================================================================
rust-pcre2-0.2.5-1.el9 (FEDORA-EPEL-2023-ba2a772b13)
High level wrapper library for PCRE2
--------------------------------------------------------------------------------
Update Information:
Update to version 0.2.5.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 8 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.2.5-1
- Update to version 0.2.5; Fixes RHBZ#2241261
--------------------------------------------------------------------------------
================================================================================
rust-rd-hashd-2.1.2-10.el9 (FEDORA-EPEL-2023-356e7074a8)
Latency-sensitive pseudo workload for resctl-demo
--------------------------------------------------------------------------------
Update Information:
Various fixes for build failures with Rust 1.73+.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 8 2023 Fabio Valentini <decathorpe(a)gmail.com> - 2.1.2-10
- Fix builds with Rust 1.73+ caused by ambiguous <number>::div_ceil calls
* Mon Aug 7 2023 Fabio Valentini <decathorpe(a)gmail.com> - 2.1.2-9
- Regenerate with rust2rpm v24
* Fri Jul 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.1.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-rd-util-2.1.2-8.el9 (FEDORA-EPEL-2023-356e7074a8)
Utility collection library for resctl-demo
--------------------------------------------------------------------------------
Update Information:
Various fixes for build failures with Rust 1.73+.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 8 2023 Fabio Valentini <decathorpe(a)gmail.com> - 2.1.2-8
- Fix builds with Rust 1.73+ caused by ambiguous <number>::div_ceil calls
* Mon Aug 7 2023 Fabio Valentini <decathorpe(a)gmail.com> - 2.1.2-7
- Regenerate with rust2rpm v24
* Fri Jul 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.1.2-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-similar-2.3.0-1.el9 (FEDORA-EPEL-2023-b010fc34da)
Diff library for Rust
--------------------------------------------------------------------------------
Update Information:
Update to version 2.3.0.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 8 2023 Fabio Valentini <decathorpe(a)gmail.com> - 2.3.0-1
- Update to version 2.3.0; Fixes RHBZ#2242648
* Fri Jul 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.2.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Sat Jan 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-version-sync-0.9.5-1.el9 (FEDORA-EPEL-2023-ff10c1989e)
Simple crate for ensuring that version numbers in README files are updated
--------------------------------------------------------------------------------
Update Information:
Update to version 0.9.5.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 8 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.9.5-1
- Update to version 0.9.5; Fixes RHBZ#2238175
* Sat Aug 5 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.9.4-6
- Regenerate with rust2rpm v24
* Sat Jul 22 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Sat Jan 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
The following Fedora EPEL 7 Security updates need testing:
Age URL
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-3ee7f851c6 composer-1.10.27-1.el7
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-a99c56df6a libptytty-2.0-4.el7 rxvt-unicode-9.31-1.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-2661620873 libspf2-1.2.11-11.20210922git4915c308.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-458a169f82 exim-4.96.1-1.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-bcf6c3bf53 cacti-1.2.25-1.el7 cacti-spine-1.2.25-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
netatalk-3.1.18-1.el7
tracer-1.1-1.el7
zchunk-1.3.2-1.el7
Details about builds:
================================================================================
netatalk-3.1.18-1.el7 (FEDORA-EPEL-2023-36e0ca3184)
Open Source Apple Filing Protocol(AFP) File Server
--------------------------------------------------------------------------------
Update Information:
3.1.18 release
Security fix for CVE-2022-22995
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 5 2023 Andrew Bauer <zonexpertconsulting(a)outlook.com> - 5:3.1.18-1
- 3.1.18 release
- Fixes CVE-2022-22995
* Thu Sep 28 2023 Andrew Bauer <zonexpertconsulting(a)outlook.com> - 5:3.1.17-2
- buildrequire mariadb-connector-c-devel for all but el7
- minor changes to other specfile conditionals
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2069298 - CVE-2022-22995 netatalk: default configuration allows the arbitrary writing of files
https://bugzilla.redhat.com/show_bug.cgi?id=2069298
--------------------------------------------------------------------------------
================================================================================
tracer-1.1-1.el7 (FEDORA-EPEL-2023-9c8b49c330)
Finds outdated running applications in your system
--------------------------------------------------------------------------------
Update Information:
- Fix parameters for specifying the target user
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 5 2023 Jakub Kadlcik <frostyx(a)email.cz> 1.1-1
- Fix parameters for specifying the target user (frostyx(a)email.cz)
--------------------------------------------------------------------------------
================================================================================
zchunk-1.3.2-1.el7 (FEDORA-EPEL-2023-9185957f32)
Compressed file format that allows easy deltas
--------------------------------------------------------------------------------
Update Information:
Fixes various bugs
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 5 2023 Jonathan Dieter <jdieter(a)gmail.com> - 1.3.2-1
- Fix a couple of unsigned integer overflow bugs
* Sat Jul 22 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
The following Fedora EPEL 7 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-97dd2d11b6 xrdp-0.9.23.1-1.el7
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-3ee7f851c6 composer-1.10.27-1.el7
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-a99c56df6a libptytty-2.0-4.el7 rxvt-unicode-9.31-1.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-2661620873 libspf2-1.2.11-11.20210922git4915c308.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-458a169f82 exim-4.96.1-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
HepMC3-3.2.7-1.el7
cacti-1.2.25-1.el7
cacti-spine-1.2.25-1.el7
munin-2.0.74-1.el7
partclone-0.3.27-1.el7
rpki-client-8.6-1.el7
rs-20200313-4.el7
trafficserver-9.2.2-2.el7
Details about builds:
================================================================================
HepMC3-3.2.7-1.el7 (FEDORA-EPEL-2023-59cabab56f)
C++ Event Record for Monte Carlo Generators
--------------------------------------------------------------------------------
Update Information:
HepMC3 3.2.7
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 4 2023 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 3.2.7-1
- Update to version 3.2.7
* Wed Jul 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.2.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jun 13 2023 Python Maint <python-maint(a)redhat.com> - 3.2.6-2
- Rebuilt for Python 3.12
--------------------------------------------------------------------------------
================================================================================
cacti-1.2.25-1.el7 (FEDORA-EPEL-2023-bcf6c3bf53)
An rrd based graphing tool
--------------------------------------------------------------------------------
Update Information:
Update cacti and cacti-spine to version 1.2.25. This includes the upstream
fixes for many CVEs.
https://github.com/Cacti/cacti/releases/tag/release%2F1.2.25
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 4 2023 Carl George <carlwgeorge(a)fedoraproject.org> - 1.2.25-1
- Update to version 1.2.25
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2237580 - CVE-2023-39514 cacti: Cross-Site Scripting vulnerability with Data Source Name when managing Graphs [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237580
[ 2 ] Bug #2237581 - CVE-2023-39513 cacti: Cross-Site Scripting vulnerability with Device Name when debugging data queries [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237581
[ 3 ] Bug #2237586 - CVE-2023-39515 cacti: Cross-Site Scripting vulnerability with Data Source Name when debugging Data Queries [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237586
[ 4 ] Bug #2237589 - CVE-2023-39359 cacti: Authenticated SQL injection vulnerability when managing graphs [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237589
[ 5 ] Bug #2237591 - CVE-2023-39360 cacti: Cross-Site Scripting vulnerability when creating new graphs [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237591
[ 6 ] Bug #2237596 - CVE-2023-39361 cacti: Unauthenticated SQL Injection when viewing graphs [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237596
[ 7 ] Bug #2237599 - CVE-2023-39366 cacti: Cross-Site Scripting vulnerability with Device Name when managing Data Sources [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237599
[ 8 ] Bug #2237602 - CVE-2023-39510 cacti: Cross-Site Scripting vulnerability with Device Name when administrating Reports [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237602
[ 9 ] Bug #2237605 - CVE-2023-39357 cacti: SQL Injection when saving data with sql_save() [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237605
[ 10 ] Bug #2237608 - CVE-2023-39358 cacti: Authenticated SQL injection vulnerability when managing reports [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237608
[ 11 ] Bug #2237612 - CVE-2023-39364 cacti: Open redirect in change password functionality [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237612
[ 12 ] Bug #2237614 - CVE-2023-39365 cacti: SQL Injection when using regular expressions [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237614
[ 13 ] Bug #2237617 - CVE-2023-30534 cacti: Insecure deserialization of filter data [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237617
[ 14 ] Bug #2237620 - CVE-2023-31132 cacti: Privilege escalation when Cacti installed using Windows Installer defaults [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237620
[ 15 ] Bug #2237623 - CVE-2023-39362 cacti: Authenticated command injection when using SNMP options [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237623
[ 16 ] Bug #2237626 - CVE-2023-39516 cacti: Cross-Site Scripting vulnerability with Data Source Information when managing Data Sources [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237626
[ 17 ] Bug #2237818 - CVE-2023-39511 cacti: Cross-Site Scripting vulnerability with Device Name when editing Graphs whilst managing Reports [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237818
[ 18 ] Bug #2242048 - CVE-2023-39512 cacti: Cross-Site Scripting vulnerability with Device Name when managing Data Sources [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2242048
--------------------------------------------------------------------------------
================================================================================
cacti-spine-1.2.25-1.el7 (FEDORA-EPEL-2023-bcf6c3bf53)
Threaded poller for Cacti written in C
--------------------------------------------------------------------------------
Update Information:
Update cacti and cacti-spine to version 1.2.25. This includes the upstream
fixes for many CVEs.
https://github.com/Cacti/cacti/releases/tag/release%2F1.2.25
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 4 2023 Carl George <carlwgeorge(a)fedoraproject.org> - 1.2.25-1
- Update to version 1.2.25
* Wed Jul 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.2.23-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Jan 18 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.2.23-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2237580 - CVE-2023-39514 cacti: Cross-Site Scripting vulnerability with Data Source Name when managing Graphs [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237580
[ 2 ] Bug #2237581 - CVE-2023-39513 cacti: Cross-Site Scripting vulnerability with Device Name when debugging data queries [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237581
[ 3 ] Bug #2237586 - CVE-2023-39515 cacti: Cross-Site Scripting vulnerability with Data Source Name when debugging Data Queries [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237586
[ 4 ] Bug #2237589 - CVE-2023-39359 cacti: Authenticated SQL injection vulnerability when managing graphs [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237589
[ 5 ] Bug #2237591 - CVE-2023-39360 cacti: Cross-Site Scripting vulnerability when creating new graphs [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237591
[ 6 ] Bug #2237596 - CVE-2023-39361 cacti: Unauthenticated SQL Injection when viewing graphs [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237596
[ 7 ] Bug #2237599 - CVE-2023-39366 cacti: Cross-Site Scripting vulnerability with Device Name when managing Data Sources [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237599
[ 8 ] Bug #2237602 - CVE-2023-39510 cacti: Cross-Site Scripting vulnerability with Device Name when administrating Reports [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237602
[ 9 ] Bug #2237605 - CVE-2023-39357 cacti: SQL Injection when saving data with sql_save() [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237605
[ 10 ] Bug #2237608 - CVE-2023-39358 cacti: Authenticated SQL injection vulnerability when managing reports [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237608
[ 11 ] Bug #2237612 - CVE-2023-39364 cacti: Open redirect in change password functionality [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237612
[ 12 ] Bug #2237614 - CVE-2023-39365 cacti: SQL Injection when using regular expressions [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237614
[ 13 ] Bug #2237617 - CVE-2023-30534 cacti: Insecure deserialization of filter data [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237617
[ 14 ] Bug #2237620 - CVE-2023-31132 cacti: Privilege escalation when Cacti installed using Windows Installer defaults [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237620
[ 15 ] Bug #2237623 - CVE-2023-39362 cacti: Authenticated command injection when using SNMP options [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237623
[ 16 ] Bug #2237626 - CVE-2023-39516 cacti: Cross-Site Scripting vulnerability with Data Source Information when managing Data Sources [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237626
[ 17 ] Bug #2237818 - CVE-2023-39511 cacti: Cross-Site Scripting vulnerability with Device Name when editing Graphs whilst managing Reports [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237818
[ 18 ] Bug #2242048 - CVE-2023-39512 cacti: Cross-Site Scripting vulnerability with Device Name when managing Data Sources [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2242048
--------------------------------------------------------------------------------
================================================================================
munin-2.0.74-1.el7 (FEDORA-EPEL-2023-71269dae43)
Network-wide resource monitoring tool
--------------------------------------------------------------------------------
Update Information:
Upstream update to 2.0.74.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 4 2023 Kim B. Heino <b(a)bbbs.net> - 2.0.74-1
- Upgrade to 2.0.74
* Thu Jul 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.0.73-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
partclone-0.3.27-1.el7 (FEDORA-EPEL-2023-bbe6bc61e4)
Utility to clone and restore a partition
--------------------------------------------------------------------------------
Update Information:
# partclone v0.3.27

- Update docs
- Add read-direct-io and write-direct-op options for `O_DIRECT` flag
- Add date time to log file
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 4 2023 Robert Scheck <robert(a)fedoraproject.org> 0.3.27-1
- Upgrade to 0.3.27 (#2242163)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2242163 - partclone-0.3.27 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2242163
--------------------------------------------------------------------------------
================================================================================
rpki-client-8.6-1.el7 (FEDORA-EPEL-2023-8c1d851d38)
OpenBSD RPKI validator to support BGP Origin Validation
--------------------------------------------------------------------------------
Update Information:
# rpki-client 8.6

- A compliance check was added to ensure the X.509 Subject only contains
  `commonName` and optionally `serialNumber`.
- A compliance check was added to ensure the CMS SignedData and SignerInfo
  versions to be 3.
- Fisher-Yates shuffle the order in which Manifest entries are processed.
  Previously, work items were enqueued in the order the CA intended them to
  appear on a Manifest. However, there is no obvious benefit to third parties
  deciding the order in which things are processed. Now the Manifest ordering
  is randomized (as the order has no meaning anyway), and the number of
  concurrent repository synchronization operations is limited & timeboxed.
- Various refactoring work.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 4 2023 Robert Scheck <robert(a)fedoraproject.org> 8.6-1
- Upgrade to 8.6 (#2242194)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2242194 - rpki-client-8.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2242194
--------------------------------------------------------------------------------
================================================================================
rs-20200313-4.el7 (FEDORA-EPEL-2023-73640dec77)
Reshape a data array
--------------------------------------------------------------------------------
Update Information:
rs reads the standard input, interpreting each line as a row of blank-separated
entries in an array, transforms the array according to the options, and writes
it on the standard output. Numerous options control input, reshaping and output
processing; the simplest usage example is `ls -1 | rs`, which outputs the same
(on an 80-column terminal) as the modern `ls` with no `-1` argument.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 22 2023 Robert Scheck <robert(a)fedoraproject.org> 20200313-4
- Justify workarounds for Red Hat Enterprise Linux 7 (#2110814 #c3)
* Sat Sep 17 2022 Robert Scheck <robert(a)fedoraproject.org> 20200313-3
- Update license to SPDX expression
* Wed Jul 27 2022 Robert Scheck <robert(a)fedoraproject.org> 20200313-2
- Support for Red Hat Enterprise Linux 7 (thanks to Thorsten Glaser)
* Tue Jul 26 2022 Robert Scheck <robert(a)fedoraproject.org> 20200313-1
- Update to 20200313 (#2110814)
- Initial spec file for Fedora and Red Hat Enterprise Linux
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2110814 - Review Request: rs - Reshape a data array
https://bugzilla.redhat.com/show_bug.cgi?id=2110814
--------------------------------------------------------------------------------
================================================================================
trafficserver-9.2.2-2.el7 (FEDORA-EPEL-2023-a08f6a3e19)
Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server
--------------------------------------------------------------------------------
Update Information:
Use OpenSSL 1.1.x from EPEL on EL7 to enable TLSv1.3 and enable Chrome 117+
workaround
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 4 2023 Jered Floyd <jered(a)redhat.com> 9.2.2-2
- Use OpenSSL 1.1.x from EPEL on RHEL 7 to fix Chrome 117+ bugs
--------------------------------------------------------------------------------