The following Fedora EPEL 8 Security updates need testing:
Age URL
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-5d08436b7d
davix-0.8.3-1.el8
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-49c3f833e1
libptytty-2.0-2.el8 rxvt-unicode-9.30-3.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
rdiff-backup-2.2.0-2.el8
signify-31-1.el8
tio-2.5-1.el8
trafficserver-9.1.4-1.el8
Details about builds:
================================================================================
rdiff-backup-2.2.0-2.el8 (FEDORA-EPEL-2022-867a6fe76f)
Convenient and transparent local/remote incremental mirror/backup
--------------------------------------------------------------------------------
Update Information:
Happy Holidays release v2.2.0 - Fedora Release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 20 2022 Frank Crawford <frank(a)crawford.emu.id.au> - 2.2.0-2
- Happy Holidays release v2.2.0 - Fedora Release
* Sun Dec 18 2022 Frank Crawford <frank(a)crawford.emu.id.au> - 2.2.0-1
- Happy Holidays release v2.2.0 - COPR Release
* Mon Nov 21 2022 Frank Crawford <frank(a)crawford.emu.id.au> - 2.0.5-10
- SPDX license update
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.0.5-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 13 2022 Python Maint <python-maint(a)redhat.com> - 2.0.5-8
- Rebuilt for Python 3.11
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.0.5-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Sun Jan 2 2022 Frank Crawford <frank(a)crawford.emu.id.au> 2.0.5-6
- Added patch for Python3.11 as per BZ#2021946
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.0.5-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 4 2021 Python Maint <python-maint(a)redhat.com> - 2.0.5-4
- Rebuilt for Python 3.10
* Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.0.5-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
signify-31-1.el8 (FEDORA-EPEL-2022-63b4bfe2b2)
Sign and verify signatures on files
--------------------------------------------------------------------------------
Update Information:
- Update to release v31
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 24 2022 Robert Scheck <robert(a)fedoraproject.org> - 31-1
- Update to release v31
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 30-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
tio-2.5-1.el8 (FEDORA-EPEL-2022-7a7b9915ea)
Simple TTY terminal I/O application
--------------------------------------------------------------------------------
Update Information:
# tio v2.5 * Update configuration file documentation Rename `.tiorc` to
`.tioconfig`, `tiorc` to `config`, etc. * Add support for `$HOME/.tioconfig`
Replaces what used to be `$HOME/.tiorc * Fix double prefix key regression
* Better error checking in config file, rename the file Accept `true`,
`enable`, `on`, `yes`, `1` as true values, their counterparts as false ones.
Check integer values for errors and range. Warn about ignored (e.g. misspelled)
options. Check `getenv()` return value for `NULL`. Rename `tiorc` to
`config`, as it's a static INI file, not an executable "run commands".
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 20 2022 Robert Scheck <robert(a)fedoraproject.org> 2.5-1
- Upgrade to 2.5 (#2154614)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2154614 - tio-2.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2154614
--------------------------------------------------------------------------------
================================================================================
trafficserver-9.1.4-1.el8 (FEDORA-EPEL-2022-47a8accb45)
Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server
--------------------------------------------------------------------------------
Update Information:
Update to 9.1.4, resolves CVE-2022-32749, CVE-2022-37392, CVE-2022-40743
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 19 2022 Jered Floyd <jered(a)redhat.com> 9.1.4-1
- Update to 9.1.4, resolves CVE-2022-32749, CVE-2022-37392, CVE-2022-40743
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2154123 - trafficserver-9.1.4-rc0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2154123
[ 2 ] Bug #2154896 - CVE-2022-32749 trafficserver: server crash under certain conditions
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2154896
[ 3 ] Bug #2154897 - CVE-2022-32749 trafficserver: server crash under certain conditions
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2154897
[ 4 ] Bug #2154899 - CVE-2022-37392 trafficserver: ATS is vulnerable to smuggle, cache
poison, and DOS attacks [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2154899
[ 5 ] Bug #2154900 - CVE-2022-37392 trafficserver: ATS is vulnerable to smuggle, cache
poison, and DOS attacks [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2154900
[ 6 ] Bug #2154902 - CVE-2022-40743 trafficserver: Security issues with the xdebug
plugin [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2154902
[ 7 ] Bug #2154903 - CVE-2022-40743 trafficserver: Security issues with the xdebug
plugin [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2154903
--------------------------------------------------------------------------------