The following Fedora EPEL 8 Security updates need testing:
Age URL
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-1e00c3d01e
cutter-re-2.2.0-1.el8 rizin-0.5.1-1.el8
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-921342768a
python-cairosvg-2.7.0-1.el8
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-347df5dde7
netconsd-0.2-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
ImageMagick-6.9.12.82-1.el8
chromium-111.0.5563.110-1.el8
fakeroot-1.31-1.el8
fastfetch-1.11.0-1.el8
libffado-2.4.7-1.el8
python-bitstruct-8.17.0-1.el8
xrootd-5.5.4-1.el8
Details about builds:
================================================================================
ImageMagick-6.9.12.82-1.el8 (FEDORA-EPEL-2023-30fee0c2cb)
An X application for displaying and manipulating images
--------------------------------------------------------------------------------
Update Information:
Update ImageMagick to 6.9.12.82 (#2176863,2176861,2176860)
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 25 2023 S��rgio Basto <sergio(a)serjux.com> - 1:6.9.12.82-1
- Update ImageMagick to 6.9.12.82 (#2176863,2176861,2176860)
* Tue Mar 14 2023 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 1:6.9.12.77-2
- Backport upstream fix for GetPageGeometry misbehavior (bug 2177631)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2176860 - ImageMagick: Specially crafted SVG leads to segmentation fault and
generate trash files in "/tmp", possible to leverage DoS [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2176860
[ 2 ] Bug #2176861 - ImageMagick: Specially crafted SVG leads to segmentation fault and
generate trash files in "/tmp", possible to leverage DoS [fedora-36]
https://bugzilla.redhat.com/show_bug.cgi?id=2176861
[ 3 ] Bug #2176863 - ImageMagick: Specially crafted SVG leads to segmentation fault and
generate trash files in "/tmp", possible to leverage DoS [fedora-37]
https://bugzilla.redhat.com/show_bug.cgi?id=2176863
--------------------------------------------------------------------------------
================================================================================
chromium-111.0.5563.110-1.el8 (FEDORA-EPEL-2023-d1cb530fbd)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
update to 111.0.5563.110. Fixes the following security issues: CVE-2023-1528
CVE-2023-1529 CVE-2023-1530 CVE-2023-1531 CVE-2023-1532 CVE-2023-1533
CVE-2023-1534
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 22 2023 Than Ngo <than(a)redhat.com> - 111.0.5563.110-1
- update to 111.0.5563.110
* Sun Mar 12 2023 Neal Gompa <ngompa(a)fedoraproject.org> - 111.0.5563.64-2
- Rebuild for ffmpeg 6.0
--------------------------------------------------------------------------------
================================================================================
fakeroot-1.31-1.el8 (FEDORA-EPEL-2023-96440c9d78)
Gives a fake root environment
--------------------------------------------------------------------------------
Update Information:
Update fakeroot to 1.31 (#2167522)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 15 2023 S��rgio Basto <sergio(a)serjux.com> - 1.31-1
- Update fakeroot to 1.31 (#2167522)
- Add fix from Debian
- Drop fakeroot-inttypes.patch which had almost 10 year old and I dont know what his
purpose
- Drop relax_tartest.patch we don't need it anymore
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.30.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2167522 - fakeroot-1.31 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2167522
--------------------------------------------------------------------------------
================================================================================
fastfetch-1.11.0-1.el8 (FEDORA-EPEL-2023-6aac4ac9d6)
Like neofetch, but much faster because written in c
--------------------------------------------------------------------------------
Update Information:
update to 1.11
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 25 2023 Jonathan Wright <jonathan(a)almalinux.org> - 1.11.0-1
- Update to 1.11.0 rhbz#2181737
--------------------------------------------------------------------------------
================================================================================
libffado-2.4.7-1.el8 (FEDORA-EPEL-2023-cb7329ac68)
Free firewire audio driver library
--------------------------------------------------------------------------------
Update Information:
update to 2.4.7
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 6 2023 Nils Philippsen <nils(a)tiptoe.de> - 2.4.7-1
- Version 2.4.7
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.4.6-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sat Sep 3 2022 Nils Philippsen <nils(a)tiptoe.de> - 2.4.6-3
- Fix yet another int/float crash, this time in the crossbar router
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.4.6-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jul 18 2022 Nils Philippsen <nils(a)tiptoe.de> - 2.4.6-1
- Version 2.4.6
* Mon Jun 13 2022 Python Maint <python-maint(a)redhat.com> - 2.4.5-3
- Rebuilt for Python 3.11
* Thu Apr 7 2022 Nils Philippsen <nils(a)tiptoe.de> - 2.4.5-2
- Cast more float values to int to avoid crashes
* Sat Mar 12 2022 Nils Philippsen <nils(a)tiptoe.de> - 2.4.5-1
- Version 2.4.5
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.4.4-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.4.4-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 4 2021 Python Maint <python-maint(a)redhat.com> - 2.4.4-4
- Rebuilt for Python 3.10
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.4.4-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
python-bitstruct-8.17.0-1.el8 (FEDORA-EPEL-2023-ec028e75a4)
Interpret strings as packed binary data
--------------------------------------------------------------------------------
Update Information:
update to 8.17.0
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 25 2023 Jonathan Wright <jonathan(a)almalinux.org> - 8.17.0-1
- Update to 8.17.0 rhbz#2170634
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 8.15.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
xrootd-5.5.4-1.el8 (FEDORA-EPEL-2023-68f7bbce6e)
Extended ROOT file server
--------------------------------------------------------------------------------
Update Information:
xrootd 5.5.4
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 24 2023 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 1:5.5.4-1
- Update to version 5.5.4
--------------------------------------------------------------------------------