The following Fedora EPEL 8 Security updates need testing:
Age URL
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-5660594875
python-markdown2-2.3.9-1.el8
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-c3fca161ee
netdata-1.22.1-3.el8
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-38309f9f6f
transmission-2.94-9.el8
10
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-06e970da9c
knot-resolver-5.1.1-1.el8
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-383149ca50
perl-Email-MIME-1.949-1.el8 perl-Email-MIME-ContentType-1.024-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
cacti-1.2.12-1.el8
cacti-spine-1.2.12-1.el8
icewm-1.6.6-1.el8
mbedtls-2.16.6-1.el8
pdns-4.3.0-2.el8
perl-File-KeePass-2.03-21.el8
python-xlsxwriter-1.2.9-1.el8
Details about builds:
================================================================================
cacti-1.2.12-1.el8 (FEDORA-EPEL-2020-5b6f780725)
An rrd based graphing tool
--------------------------------------------------------------------------------
Update Information:
- Update to 1.2.12 Release notes:
https://www.cacti.net/release_notes.php?version=1.2.12
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 27 2020 Morten Stevens <mstevens(a)fedoraproject.org> - 1.2.12-1
- Update to 1.2.12
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1840313 - CVE-2020-13231 cacti: CSRF at admin email [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1840313
[ 2 ] Bug #1840318 - CVE-2020-13230 cacti: improper access control on disabling a user
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1840318
--------------------------------------------------------------------------------
================================================================================
cacti-spine-1.2.12-1.el8 (FEDORA-EPEL-2020-5b6f780725)
Threaded poller for Cacti written in C
--------------------------------------------------------------------------------
Update Information:
- Update to 1.2.12 Release notes:
https://www.cacti.net/release_notes.php?version=1.2.12
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 27 2020 Morten Stevens <mstevens(a)fedoraproject.org> - 1.2.12-1
- Update to 1.2.12
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1840313 - CVE-2020-13231 cacti: CSRF at admin email [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1840313
[ 2 ] Bug #1840318 - CVE-2020-13230 cacti: improper access control on disabling a user
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1840318
--------------------------------------------------------------------------------
================================================================================
icewm-1.6.6-1.el8 (FEDORA-EPEL-2020-556f772b6e)
Window manager designed for speed, usability, and consistency
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 30 2020 Artem Polishchuk <ego.cordatus(a)gmail.com> - 1.6.6-1
- Update to 1.6.6
* Wed May 27 2020 Artem Polishchuk <ego.cordatus(a)gmail.com> - 1.6.5-2
- Drop more weak deps and simpilfy SPEC file
- Disable LTO
--------------------------------------------------------------------------------
================================================================================
mbedtls-2.16.6-1.el8 (FEDORA-EPEL-2020-3943d14499)
Light-weight cryptographic and SSL/TLS library
--------------------------------------------------------------------------------
Update Information:
- Update to 2.16.6 Release notes:
https://tls.mbed.org/tech-
updates/releases/mbedtls-2.16.6-and-2.7.15-released Security Advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-
advisory-2020-04
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 27 2020 Morten Stevens <mstevens(a)fedoraproject.org> - 2.16.6-1
- Update to 2.16.6
- Security Advisory 2020-04 (CVE-2020-10932)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1838552 - CVE-2020-10932 mbedtls: side channel attack possibly leading to
information disclosure [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1838552
--------------------------------------------------------------------------------
================================================================================
pdns-4.3.0-2.el8 (FEDORA-EPEL-2020-429fc91efb)
A modern, advanced and high performance authoritative-only nameserver
--------------------------------------------------------------------------------
Update Information:
- Updated file permissions
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 27 2020 Morten Stevens <mstevens(a)fedoraproject.org> - 4.3.0-2
- Updated file permissions
--------------------------------------------------------------------------------
================================================================================
perl-File-KeePass-2.03-21.el8 (FEDORA-EPEL-2020-abd130a355)
Interface to KeePass V1 and V2 database files
--------------------------------------------------------------------------------
Update Information:
Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
python-xlsxwriter-1.2.9-1.el8 (FEDORA-EPEL-2020-7294e9861e)
Python module for writing files in the Excel 2007+ XLSX file format
--------------------------------------------------------------------------------
Update Information:
Added support for stacked and percent_stacked Line charts
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 30 2020 Rajeesh K V <rajeeshknambiar(a)gmail.com> - 1.2.9-1
- Added support for stacked and percent_stacked Line charts
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1841933 - python-xlsxwriter-1.2.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1841933
--------------------------------------------------------------------------------