The following Fedora EPEL 8 Security updates need testing:
Age URL
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-fc233c6d2e
chromium-123.0.6312.58-1.el8
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-0ced8d6066
tinyxml-2.6.2-28.el8
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-acb47e6aea
libopenmpt-0.7.6-1.el8
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-d0d107787c
assimp-5.0.1-7.el8
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-8791118dee
mbedtls-2.28.8-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
ansible-collection-awx-awx-24.1.0-1.el8
davix-0.8.6-1.el8
editorconfig-0.12.7-1.el8
gaupol-1.14.1-1.el8
knot-resolver-5.7.2-1.el8
redict-7.3.0-1.el8
trafficserver-9.2.4-1.el8
upx-4.2.3-1.el8
Details about builds:
================================================================================
ansible-collection-awx-awx-24.1.0-1.el8 (FEDORA-EPEL-2024-1ca0f04dd7)
Ansible modules and plugins for working with AWX
--------------------------------------------------------------------------------
Update Information:
Updated to24.1.0
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 2 2024 Andrew Heath <anheath(a)anheath-thinkpadt14sgen2i.rmtusnc.csb> -
24.1.0-1
- Update to 24.1.0
--------------------------------------------------------------------------------
================================================================================
davix-0.8.6-1.el8 (FEDORA-EPEL-2024-93f62e5dad)
Toolkit for http based file management
--------------------------------------------------------------------------------
Update Information:
New upstream release 0.8.6
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 3 2024 Mihai Patrascoiu <mihai.patrascoiu(a)cern.ch> - 0.8.6-1
- New upstream release 0.8.6
* Wed Jan 24 2024 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 0.8.5-5
- Rebuild for gsoap 2.8.132 (Fedora 40)
* Fri Jan 19 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.8.5-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Nov 15 2023 Mihai Patrascoiu <mihai.patrascoiu(a)cern.ch> - 0.8.5-3
- Rebuild for gtest 1.14.0 (bugzilla #2228663)
* Tue Oct 31 2023 Terje Rosten <terje.rosten(a)ntnu.no> - 0.8.5-2
- Rebuild for gtest 1.14.0 (bugzilla #2228663)
--------------------------------------------------------------------------------
================================================================================
editorconfig-0.12.7-1.el8 (FEDORA-EPEL-2024-7a1c939a17)
Parser for EditorConfig files written in C
--------------------------------------------------------------------------------
Update Information:
Update to 0.12.7: fix pointer overflow in STRING_CAT; fix a few more stack
buffer overflows.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 3 2024 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.12.7-1
- Update to 0.12.7 (close RHBZ#2272370)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2272370 - editorconfig-0.12.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2272370
--------------------------------------------------------------------------------
================================================================================
gaupol-1.14.1-1.el8 (FEDORA-EPEL-2024-f5ffc8bd1a)
Editor for text-based subtitle files
--------------------------------------------------------------------------------
Update Information:
Update to 1.14.1: Fix invalid entry in AppData file
Update to 1.14: Change the icon for the toggle video player toolbar item to an
action icon (not mimetype) that has a symbolic version available
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 3 2024 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.14.1-1
- Update to 1.14.1 (close RHBZ#2272858)
* Tue Apr 2 2024 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.14-1
- Update to 1.14 (close RHBZ#2272540)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2272540 - gaupol-1.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2272540
[ 2 ] Bug #2272858 - gaupol-1.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2272858
--------------------------------------------------------------------------------
================================================================================
knot-resolver-5.7.2-1.el8 (FEDORA-EPEL-2024-9eb149244c)
Caching full DNS Resolver
--------------------------------------------------------------------------------
Update Information:
Knot Resolver 5.7.2
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 3 2024 Jakub Ru��i��ka <jakub.ruzicka(a)nic.cz> - 5.7.2-1
- New upstream version 5.7.2
--------------------------------------------------------------------------------
================================================================================
redict-7.3.0-1.el8 (FEDORA-EPEL-2024-2792db8954)
A persistent key-value database
--------------------------------------------------------------------------------
Update Information:
update to 7.3.0 stable
update to 7.3.0 rc2
initial package build
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 3 2024 Jonathan Wright <jonathan(a)almalinux.org> - 7.3.0-1
- Update to 7.3.0 stable
* Thu Mar 28 2024 Jonathan Wright <jonathan(a)almalinux.org> - 7.3.0~rc2-1
- update to 7.3.0-rc2
- remove sample confs from /usr/share
* Sun Mar 24 2024 Jonathan Wright <jonathan(a)almalinux.org> - 7.3.0~rc1-1
- Initial package build, release candidate
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2271615 - Review Request: redict - A persistent key-value database
https://bugzilla.redhat.com/show_bug.cgi?id=2271615
--------------------------------------------------------------------------------
================================================================================
trafficserver-9.2.4-1.el8 (FEDORA-EPEL-2024-57848161af)
Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server
--------------------------------------------------------------------------------
Update Information:
Update to upstream 9.2.4, resolves CVE-2024-31309 (CONTINUATION frames DoS)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 3 2024 Jered Floyd <jered(a)redhat.com> 9.2.4-1
- Update to upstream 9.2.4
- Resolves CVE-2024-31309
* Sat Jan 27 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 9.2.3-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2269627 - CVE-2024-31309 trafficserver: CONTINUATION frames DoS
https://bugzilla.redhat.com/show_bug.cgi?id=2269627
--------------------------------------------------------------------------------
================================================================================
upx-4.2.3-1.el8 (FEDORA-EPEL-2024-88820507e6)
Ultimate Packer for eXecutables
--------------------------------------------------------------------------------
Update Information:
4.2.3
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 28 2024 Gwyn Ciesla <gwync(a)protonmail.com> - 4.2.3-1
- 4.2.3
* Sat Jan 27 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.2.2-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jan 4 2024 Gwyn Ciesla <gwync(a)protonmail.com> - 4.2.2-1
- 4.2.2
* Thu Nov 2 2023 Gwyn Ciesla <gwync(a)protonmail.com> - 4.2.1-1
- 4.2.1
* Fri Oct 27 2023 Gwyn Ciesla <gwync(a)protonmail.com> - 4.2.0-1
- 4.2.0
* Wed Aug 9 2023 Gwyn Ciesla <gwync(a)protonmail.com> - 4.1.0-1
- 4.1.0
* Sat Jul 22 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.0.2-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Sun Mar 5 2023 Gwyn Ciesla <gwync(a)protonmail.com> - 4.0.2-2
- migrated to SPDX license
* Wed Feb 1 2023 Gwyn Ciesla <gwync(a)protonmail.com> - 4.0.2-1
- 4.0.2
* Sat Jan 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.0.1-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jan 12 2023 Gwyn Ciesla <gwync(a)protonmail.com> - 4.0.1-2
- Patches for CVE-2023-23456, CVE-2023-23457
* Thu Nov 17 2022 Gwyn Ciesla <gwync(a)protonmail.com> - 4.0.1-1
- 4.0.1
* Fri Nov 4 2022 Gwyn Ciesla <gwync(a)protonmail.com> - 4.0.0-1
- 4.0.0
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.96-12
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Sat Jan 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.96-11
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.96-10
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2272102 - upx-4.2.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2272102
[ 2 ] Bug #2272827 - CVE-2024-3209 upx: heap-based buffer overflow via get_ne64()
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2272827
--------------------------------------------------------------------------------