Fedora EPEL 9 updates-testing report
by updates@fedoraproject.org
The following Fedora EPEL 9 Security updates need testing:
Age URL
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-0398ebbbfa w3m-0.5.3-63.git20230121.el9
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-879bfd3d5b chromium-122.0.6261.128-1.el9
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-626c1844b4 csmock-3.5.3-1.el9
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-684f77a897 podman-tui-1.0.0-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
koji-1.34.0-3.el9
pandoc-2.14.0.3-17.el9
patat-0.8.7.0-4.el9
prometheus-podman-exporter-1.11.0-1.el9
suricata-6.0.17-1.el9
Details about builds:
================================================================================
koji-1.34.0-3.el9 (FEDORA-EPEL-2024-19d54f50cc)
Build system tools
--------------------------------------------------------------------------------
Update Information:
Add back in missing schema files. rhbz#2270743
Update to 1.34.0 + some small patches
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 22 2024 Kevin Fenzi <kevin(a)scrye.com> - 1.34.0-3
- Add back in missing schema files. rhbz#2270743
* Mon Mar 18 2024 Kevin Fenzi <kevin(a)scrye.com> - 1.34.0-2
- Carry scm policy plugin for hub, it's already upstream
- Use dnf5 compatible 'group install' command
- Allow specifying with a tag value what arches noarch builds happen on.
- Fix image-build to not pass units to oz (to avoid GB/GiB issues)
- Fix a typo in scheduler (already upstreamed)
- Add back index for rpminfo table that was mistakenly dropped.
* Thu Jan 25 2024 Kevin Fenzi <kevin(a)scrye.com> - 1.34.0-1
- Update to 1.34.0. Fixes rhbz#2260055
* Thu Jan 25 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.33.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.33.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.33.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Fri Jul 14 2023 Kevin Fenzi <kevin(a)scrye.com> - 1.33.1-1
- Update to 1.31.1. Fixes rhbz#2222032
* Tue Jun 13 2023 Python Maint <python-maint(a)redhat.com> - 1.33.0-2
- Rebuilt for Python 3.12
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2270743 - Missing koji db schema files
https://bugzilla.redhat.com/show_bug.cgi?id=2270743
--------------------------------------------------------------------------------
================================================================================
pandoc-2.14.0.3-17.el9 (FEDORA-EPEL-2024-3e437ee2d0)
Conversion between markup formats
--------------------------------------------------------------------------------
Update Information:
backport pandoc fixes for CVE-2023-35936 and CVE-2023-38745
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 22 2024 Jens Petersen <petersen(a)redhat.com> - 2.14.0.3-17
- backport fixes for CVE-2023-35936 and CVE-2023-38745
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2220872 - TRIAGE pandoc: TRIAGE_CVE-2023-35936 pandoc: allows attacker to create or overwrite arbitrary files on the system [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2220872
[ 2 ] Bug #2227033 - CVE-2023-38745 pandoc: allows attacker to create or overwrite arbitrary files on the system [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2227033
--------------------------------------------------------------------------------
================================================================================
patat-0.8.7.0-4.el9 (FEDORA-EPEL-2024-3e437ee2d0)
Terminal-based presentations using Pandoc
--------------------------------------------------------------------------------
Update Information:
backport pandoc fixes for CVE-2023-35936 and CVE-2023-38745
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 17 2022 Jens Petersen <petersen(a)redhat.com> - 0.8.7.0-4
- rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2220872 - TRIAGE pandoc: TRIAGE_CVE-2023-35936 pandoc: allows attacker to create or overwrite arbitrary files on the system [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2220872
[ 2 ] Bug #2227033 - CVE-2023-38745 pandoc: allows attacker to create or overwrite arbitrary files on the system [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2227033
--------------------------------------------------------------------------------
================================================================================
prometheus-podman-exporter-1.11.0-1.el9 (FEDORA-EPEL-2024-5d9511ad6e)
Prometheus exporter for podman environment
--------------------------------------------------------------------------------
Update Information:
release v1.11.0
release v1.10.1
release v1.10.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 22 2024 Navid Yaghoobi <navidys(a)fedoraproject.org> - 1.11.0-1
- release v1.11.0
* Sun Mar 17 2024 Navid Yaghoobi <navidys(a)fedoraproject.org> - 1.10.1-1
- release v1.10.1
* Sat Mar 16 2024 Navid Yaghoobi <navidys(a)fedoraproject.org> - 1.10.0-1
- release v1.10.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2268896 - CVE-2024-28180 prometheus-podman-exporter: jose-go: improper handling of highly compressed data [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2268896
--------------------------------------------------------------------------------
================================================================================
suricata-6.0.17-1.el9 (FEDORA-EPEL-2024-1e7f709e59)
Intrusion Detection System
--------------------------------------------------------------------------------
Update Information:
These are bug fix and security releases including MODERATE, HIGH,
and CRITICAL issues.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 20 2024 Steve Grubb <sgrubb(a)redhat.com> 6.0.17-1
- New security and bugfix release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2128376 - Please port your pcre dependency to pcre2. Pcre has been deprecated
https://bugzilla.redhat.com/show_bug.cgi?id=2128376
--------------------------------------------------------------------------------