The following Fedora EPEL 8 Security updates need testing:
Age URL
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-a32cbcaa37
tcpreplay-4.3.3-1.el8
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-232e4f7411
python-django-2.2.13-1.el8
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-18fb909316
znc-1.8.1-1.el8
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-3c9503ab68
libmp4v2-2.1.0-0.21.trunkREV507.el8
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-f64e687c3f
lynis-3.0.0-1.el8
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-c6a368f21e
chromium-83.0.4103.106-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
alpine-2.23-2.el8
gyp-0.1-0.39.fcd686f1git.el8
hostapd-2.9-4.el8
kf5-knewstuff-5.68.0-1.el8.1
scitokens-cpp-0.5.1-1.el8
xdotool-3.20150503.1-10.el8
Details about builds:
================================================================================
alpine-2.23-2.el8 (FEDORA-EPEL-2020-4d185f6e16)
powerful, easy to use console email client
--------------------------------------------------------------------------------
Update Information:
2.23 fixes CVE-2020-14929 (#1850048,#1850047) and new version (#1848786)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 23 2020 josef radinger <cheese(a)nosuchhost.net> - 2.23-2
- 2.23 fixes CVE-2020-14929 (#1850048) and new version (#1848786)
* Mon Jun 22 2020 josef radinger <cheese(a)nosuchhost.net> - 2.23-1
- bump version
- update patch2 alpine-2.23-gcc10.patch
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1850047 - CVE-2020-14929 alpine: silently proceeds to use an insecure
connection after a /tls is sent in certain circumstances involving PREAUTH
https://bugzilla.redhat.com/show_bug.cgi?id=1850047
--------------------------------------------------------------------------------
================================================================================
gyp-0.1-0.39.fcd686f1git.el8 (FEDORA-EPEL-2020-2106038be8)
Generate Your Projects
--------------------------------------------------------------------------------
Update Information:
Fix the issue on FIPS mode
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 24 2020 Akira TAGOH <tagoh(a)redhat.com> - 0.1-0.39.fcd686f1git
- Fix BR for RHEL8.
* Wed Jun 24 2020 Akira TAGOH <tagoh(a)redhat.com> - 0.1-0.38.fcd686f1git
- Re-enable a patch to fix an issue on FIP mode.
Resolves: rhbz#1779364
* Tue May 26 2020 Miro Hron��ok <mhroncok(a)redhat.com> - 0.1-0.37.fcd686f1git
- Rebuilt for Python 3.9
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> -
0.1-0.36.fcd686f1git
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Tue Jan 21 2020 Akira TAGOH <tagoh(a)redhat.com> - 0.1-0.35.fcd686f1git
- fix the build issue with Python 3.9.
Resolves: rhbz#1791952
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1779364 - gyp fails in FIPS mode
https://bugzilla.redhat.com/show_bug.cgi?id=1779364
--------------------------------------------------------------------------------
================================================================================
hostapd-2.9-4.el8 (FEDORA-EPEL-2020-c047cbdfd0)
IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2020-12695 (UPnP SUBSCRIBE misbehavior in hostapd WPS AP)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 24 2020 Johwn W. Linville <linville(a)redhat.com> - 2.9-4
- Fix CVE-2020-12695 (UPnP SUBSCRIBE misbehavior in hostapd WPS AP)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1846006 - CVE-2020-12695 hostapd: UPnP SUBSCRIBE misbehavior in WPS AP
https://bugzilla.redhat.com/show_bug.cgi?id=1846006
--------------------------------------------------------------------------------
================================================================================
kf5-knewstuff-5.68.0-1.el8.1 (FEDORA-EPEL-2020-f21297604d)
KDE Frameworks 5 Tier 3 module for downloading application assets
--------------------------------------------------------------------------------
Update Information:
Page.qml, do not call QuestionAsker (#1838801)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 24 2020 Troy Dawson <tdawson(a)redhat.com> - 5.68.0-1.1
- Page.qml, do not call QuestionAsker (#1838801)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1838801 - Many settings pages fail to load due to Qt error
https://bugzilla.redhat.com/show_bug.cgi?id=1838801
--------------------------------------------------------------------------------
================================================================================
scitokens-cpp-0.5.1-1.el8 (FEDORA-EPEL-2020-34e9284c7a)
C++ Implementation of the SciTokens Library
--------------------------------------------------------------------------------
Update Information:
Translate WLCG's storage.modify as a write permission in SciTokens.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 24 2020 Derek Weitzel <dweitzel(a)unl.edu> - 0.5.1-1
- Add storage.modify as write permission
--------------------------------------------------------------------------------
================================================================================
xdotool-3.20150503.1-10.el8 (FEDORA-EPEL-2020-cf9fc12a6e)
Fake keyboard/mouse input
--------------------------------------------------------------------------------
Update Information:
Build for EPEL8
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1774690 - xdotool build request
https://bugzilla.redhat.com/show_bug.cgi?id=1774690
--------------------------------------------------------------------------------