The following Fedora EPEL 7 Security updates need testing:
Age URL
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-6395a45cb3
perl-Image-ExifTool-12.38-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
liblxi-1.15-1.el7
miniupnpc-2.0-3.el7
Details about builds:
================================================================================
liblxi-1.15-1.el7 (FEDORA-EPEL-2022-c1b58fb721)
Library with simple API for communication with LXI devices
--------------------------------------------------------------------------------
Update Information:
# liblxi v1.15 * Fix meson libtirpc dependency Remove the hardcoded
include patch to libtirpc and replace it with one dynamically resolved via `pkg-
config`. The reason for implementing the meson dependency check this way is
to avoid linking with libtirpc because it is broken with regards to its Sun RPC
implementation so instead we link with the RPC implementation which still reside
in glibc. However, glibc removed their RPC header files so we need the headers
from libtirpc. Further investigation is required to find and fix the bug in
the libtirpc RPC implementation so we can get back to normal. They changed
something moving it out of glibc and they shouldn't have.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 23 2022 Robert Scheck <robert(a)fedoraproject.org> 1.15-1
- Upgrade to 1.15 (#2043963)
* Sat Jan 22 2022 Robert Scheck <robert(a)fedoraproject.org> 1.14-1
- Upgrade to 1.14 (#2042909)
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.13-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.13-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.13-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.13-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.13-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.13-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.13-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.13-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2043963 - liblxi-1.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2043963
--------------------------------------------------------------------------------
================================================================================
miniupnpc-2.0-3.el7 (FEDORA-EPEL-2022-4069001f10)
Library and tool to control NAT in UPnP-enabled routers
--------------------------------------------------------------------------------
Update Information:
- Clean up SPEC file. - Add patch to fix CVE-2017-1000494 (backported from 2.1).
- Add patch to fix CVE-2017-8798 (backported from 2.1). - Drop conditions for
Python 3 etc, other branches have moved forward.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 30 2022 Simone Caronni <negativo17(a)gmail.com> - 2.0-3
- Add patch to fix CVE-2017-8798 (backported from 2.1).
* Sun Jan 30 2022 Simone Caronni <negativo17(a)gmail.com> - 2.0-2
- Clean up SPEC file.
- Add patch to fix CVE-2017-1000494 (backported from 2.1).
- Drop conditions for Python 3 etc, other branches have moved forward.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1450064 - CVE-2017-8798 miniupnpc: Integer signedness error [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1450064
[ 2 ] Bug #1532504 - CVE-2017-1000494 miniupnpc: Multiple vulnerabilities can allow a
remote attacker to cause a denial of service or potentially execute code [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1532504
--------------------------------------------------------------------------------