The following Fedora EPEL 9 Security updates need testing:
Age URL
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-1c3e19a13a
radare2-5.8.8-2.el9
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-27fd009f63
optipng-0.7.8-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
afflib-3.7.20-1.el9
chromium-119.0.6045.105-1.el9
gpaw-23.9.1-1.el9
libre-3.6.1-1.el9
libsocketcan-0.0.12-3.el9
munin-2.0.75-1.el9
php-pear-Net-SMTP-1.11.1-1.el9
python-hatch-vcs-0.4.0-1.el9
resalloc-5.1-1.el9
roundcubemail-1.5.6-1.el9
rust-blocking-1.4.1-1.el9
rust-h3-0.0.2-1.el9
rust-h3-quinn-0.0.3-1.el9
rust-piper-0.2.1-1.el9
rust-quinn-0.10.2-1.el9
rust-quinn-proto-0.10.5-1.el9
rust-quinn-udp-0.4.1-1.el9
rust-reqwest-0.11.22-3.el9
rust-rstest_reuse-0.6.0-1.el9
Details about builds:
================================================================================
afflib-3.7.20-1.el9 (FEDORA-EPEL-2023-beb8fef8ac)
Library to support the Advanced Forensic Format
--------------------------------------------------------------------------------
Update Information:
bugfix release
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 4 2023 Michal Ambroz <rebus _AT seznam.cz> - 3.7.20-1
- bump to version 3.7.20
* Wed Jul 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.7.19-11
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jun 13 2023 Python Maint <python-maint(a)redhat.com> - 3.7.19-10
- Rebuilt for Python 3.12
* Wed Jan 18 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.7.19-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Jul 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.7.19-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 13 2022 Python Maint <python-maint(a)redhat.com> - 3.7.19-7
- Rebuilt for Python 3.11
--------------------------------------------------------------------------------
================================================================================
chromium-119.0.6045.105-1.el9 (FEDORA-EPEL-2023-14c0898d9a)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
update to 119.0.6045.105. Security fixes: High CVE-2023-5480: Inappropriate
implementation in Payments. High CVE-2023-5482: Insufficient data validation
in USB. High CVE-2023-5849: Integer overflow in USB. Medium
CVE-2023-5850: Incorrect security UI in Downloads. Medium CVE-2023-5851:
Inappropriate implementation in Downloads. Medium CVE-2023-5852: Use after
free in Printing. Medium CVE-2023-5853: Incorrect security UI in Downloads.
Medium CVE-2023-5854: Use after free in Profiles. Medium CVE-2023-5855: Use
after free in Reading Mode. Medium CVE-2023-5856: Use after free in Side
Panel. Medium CVE-2023-5857: Inappropriate implementation in Downloads.
Low CVE-2023-5858: Inappropriate implementation in WebApp Provider. Low
CVE-2023-5859: Incorrect security UI in Picture In Picture.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 1 2023 Than Ngo <than(a)redhat.com> - 119.0.6045.105-1
- update to 119.0.6045.105
* Fri Oct 27 2023 Than Ngo <than(a)redhat.com> - 119.0.6045.59-1
- update 119.0.6045.59
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2247403 - CVE-2023-5480 chromium: chromium-browser: Inappropriate
implementation in Payments [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247403
[ 2 ] Bug #2247404 - CVE-2023-5480 chromium: chromium-browser: Inappropriate
implementation in Payments [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247404
[ 3 ] Bug #2247405 - CVE-2023-5482 chromium: chromium-browser: Insufficient data
validation in USB [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247405
[ 4 ] Bug #2247406 - CVE-2023-5482 chromium: chromium-browser: Insufficient data
validation in USB [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247406
[ 5 ] Bug #2247408 - CVE-2023-5849 chromium: chromium-browser: Integer overflow in USB
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247408
[ 6 ] Bug #2247409 - CVE-2023-5849 chromium: chromium-browser: Integer overflow in USB
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247409
[ 7 ] Bug #2247410 - CVE-2023-5850 chromium: chromium-browser: Incorrect security UI in
Downloads [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247410
[ 8 ] Bug #2247411 - CVE-2023-5850 chromium: chromium-browser: Incorrect security UI in
Downloads [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247411
[ 9 ] Bug #2247412 - CVE-2023-5851 chromium: chromium-browser: Inappropriate
implementation in Downloads [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247412
[ 10 ] Bug #2247413 - CVE-2023-5851 chromium: chromium-browser: Inappropriate
implementation in Downloads [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247413
[ 11 ] Bug #2247414 - CVE-2023-5852 chromium: chromium-browser: Use after free in
Printing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247414
[ 12 ] Bug #2247415 - CVE-2023-5852 chromium: chromium-browser: Use after free in
Printing [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247415
[ 13 ] Bug #2247416 - CVE-2023-5853 chromium: chromium-browser: Incorrect security UI in
Downloads [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247416
[ 14 ] Bug #2247417 - CVE-2023-5853 chromium: chromium-browser: Incorrect security UI in
Downloads [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247417
[ 15 ] Bug #2247418 - CVE-2023-5854 chromium: chromium-browser: Use after free in
Profiles [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247418
[ 16 ] Bug #2247419 - CVE-2023-5855 chromium: chromium-browser: Use after free in
Reading Mode [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247419
[ 17 ] Bug #2247420 - CVE-2023-5854 chromium: chromium-browser: Use after free in
Profiles [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247420
[ 18 ] Bug #2247421 - CVE-2023-5855 chromium: chromium-browser: Use after free in
Reading Mode [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247421
[ 19 ] Bug #2247422 - CVE-2023-5856 chromium: chromium-browser: Use after free in Side
Panel [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247422
[ 20 ] Bug #2247423 - CVE-2023-5856 chromium: chromium-browser: Use after free in Side
Panel [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247423
[ 21 ] Bug #2247424 - CVE-2023-5858 chromium: chromium-browser: Inappropriate
implementation in WebApp Provider [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247424
[ 22 ] Bug #2247425 - CVE-2023-5859 chromium: chromium-browser: Incorrect security UI in
Picture In Picture [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247425
[ 23 ] Bug #2247426 - CVE-2023-5858 chromium: chromium-browser: Inappropriate
implementation in WebApp Provider [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247426
[ 24 ] Bug #2247429 - CVE-2023-5857 chromium: chromium-browser: Inappropriate
implementation in Downloads [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247429
[ 25 ] Bug #2247430 - CVE-2023-5857 chromium: chromium-browser: Inappropriate
implementation in Downloads [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247430
--------------------------------------------------------------------------------
================================================================================
gpaw-23.9.1-1.el9 (FEDORA-EPEL-2023-4877a73e46)
A grid-based real-space PAW method DFT code
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 3 2023 Marcin Dulak <marcindulak(a)fedoraproject.org> - 23.9.1-1
- New upstream release
* Thu Jul 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 23.6.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Jun 28 2023 Python Maint <python-maint(a)redhat.com> - 23.6.0-2
- Rebuilt for Python 3.12
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2238750 - gpaw-23.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2238750
--------------------------------------------------------------------------------
================================================================================
libre-3.6.1-1.el9 (FEDORA-EPEL-2023-173258c266)
Generic library for real-time communications
--------------------------------------------------------------------------------
Update Information:
# libre v3.6.1 (2023-11-03) * ice: `AI_V4MAPPED` doesn't exist on OpenBSD *
dialog: REVERT fix rtags of forking `INVITE` with 100rel
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 5 2023 Robert Scheck <robert(a)fedoraproject.org> 3.6.1-1
- Upgrade to 3.6.1 (#2247959)
* Sun Oct 29 2023 Robert Scheck <robert(a)fedoraproject.org> 3.6.0-1
- Upgrade to 3.6.0 (#2244979)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2247959 - libre-3.6.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2247959
--------------------------------------------------------------------------------
================================================================================
libsocketcan-0.0.12-3.el9 (FEDORA-EPEL-2023-e50244ad21)
Library for SocketCAN
--------------------------------------------------------------------------------
Update Information:
Initial packaging.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 5 2023 Vasiliy Glazov <vascom2(a)gmail.com> - 0.0.12-3
- Update spec
* Thu Nov 2 2023 Vasiliy Glazov <vascom2(a)gmail.com> - 0.0.12-2
- Added BR gcc
- Removed patch
* Mon Oct 30 2023 Vasiliy Glazov <vascom2(a)gmail.com> - 0.0.12-1
- Initial packaging for Fedora
--------------------------------------------------------------------------------
================================================================================
munin-2.0.75-1.el9 (FEDORA-EPEL-2023-b54f9104ed)
Network-wide resource monitoring tool
--------------------------------------------------------------------------------
Update Information:
Upstream update to 2.0.75.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 6 2023 Kim B. Heino <b(a)bbbs.net> - 2.0.75-1
- Upgrade to 2.0.75
--------------------------------------------------------------------------------
================================================================================
php-pear-Net-SMTP-1.11.1-1.el9 (FEDORA-EPEL-2023-77aa94bf20)
Provides an implementation of the SMTP protocol
--------------------------------------------------------------------------------
Update Information:
**Version 1.11.1** Changelog: * BugFix: Triggering deprecation warnings in
error-log causes system failures because of changing the behavior in error
reporting (#76)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 6 2023 Remi Collet <remi(a)remirepo.net> 1.11.1-1
- update to 1.11.1
--------------------------------------------------------------------------------
================================================================================
python-hatch-vcs-0.4.0-1.el9 (FEDORA-EPEL-2023-1adffaaf0e)
Hatch plugin for versioning with your preferred VCS
--------------------------------------------------------------------------------
Update Information:
## 0.4.0 - 2023-11-06 ***Changed:*** - Drop support for Python 3.7
***Added:*** - Officially support Python 3.12 ***Fixed:*** - Prevent
`UserWarning` when a template is not defined explicitly
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 6 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.4.0-1
- Update to 0.4.0 (close RHBZ#2248106)
* Mon Nov 6 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.3.0-2
- Use new (rpm 4.17.1+) bcond style
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2248106 - python-hatch-vcs-0.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2248106
--------------------------------------------------------------------------------
================================================================================
resalloc-5.1-1.el9 (FEDORA-EPEL-2023-a7421388d2)
Resource allocator for expensive resources - client tooling
--------------------------------------------------------------------------------
Update Information:
new upstream release
https://github.com/praiskup/resalloc/releases/tag/v5.1
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 6 2023 Pavel Raiskup <praiskup(a)redhat.com> - 5.1-1
- new upstream release
https://github.com/praiskup/resalloc/releases/tag/v5.1
--------------------------------------------------------------------------------
================================================================================
roundcubemail-1.5.6-1.el9 (FEDORA-EPEL-2023-ffe5c0ac79)
Round Cube Webmail is a browser-based multilingual IMAP client
--------------------------------------------------------------------------------
Update Information:
**Release 1.5.6** - Fix cross-site scripting (XSS) vulnerability in setting
Content-Type/Content-Disposition for attachment preview/download
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 6 2023 Remi Collet <remi(a)remirepo.net> - 1.5.6-1
- update to 1.5.6
--------------------------------------------------------------------------------
================================================================================
rust-blocking-1.4.1-1.el9 (FEDORA-EPEL-2023-fa1c99cbc3)
Thread pool for isolating blocking I/O in async programs
--------------------------------------------------------------------------------
Update Information:
- Update the blocking crate to version 1.4.1. - Unretire the package for the
piper crate and update it to version 0.2.1.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 6 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.4.1-1
- Update to version 1.4.1
* Fri Jul 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-h3-0.0.2-1.el9 (FEDORA-EPEL-2023-5befe263ab)
Async HTTP/3 implementation
--------------------------------------------------------------------------------
Update Information:
- Enable QUIC / HTTP/3 and Rustls support in the package for the reqwest crate.
- Initial packaging of the h3, h3-quinn, quinn, quinn-proto, and quinn-udp
crates.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 30 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.0.2-1
- Initial import (#2246720)
--------------------------------------------------------------------------------
================================================================================
rust-h3-quinn-0.0.3-1.el9 (FEDORA-EPEL-2023-5befe263ab)
QUIC transport implementation based on Quinn
--------------------------------------------------------------------------------
Update Information:
- Enable QUIC / HTTP/3 and Rustls support in the package for the reqwest crate.
- Initial packaging of the h3, h3-quinn, quinn, quinn-proto, and quinn-udp
crates.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 6 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.0.3-1
- Initial import (#2246724)
--------------------------------------------------------------------------------
================================================================================
rust-piper-0.2.1-1.el9 (FEDORA-EPEL-2023-fa1c99cbc3)
Async pipes, channels, mutexes, and more
--------------------------------------------------------------------------------
Update Information:
- Update the blocking crate to version 1.4.1. - Unretire the package for the
piper crate and update it to version 0.2.1.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 6 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.2.1-1
- Update to version 0.2.1
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.1.3-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.1.3-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-quinn-0.10.2-1.el9 (FEDORA-EPEL-2023-5befe263ab)
Versatile QUIC transport protocol implementation
--------------------------------------------------------------------------------
Update Information:
- Enable QUIC / HTTP/3 and Rustls support in the package for the reqwest crate.
- Initial packaging of the h3, h3-quinn, quinn, quinn-proto, and quinn-udp
crates.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 31 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.10.2-1
- Initial import (#2246723)
--------------------------------------------------------------------------------
================================================================================
rust-quinn-proto-0.10.5-1.el9 (FEDORA-EPEL-2023-5befe263ab)
State machine for the QUIC transport protocol
--------------------------------------------------------------------------------
Update Information:
- Enable QUIC / HTTP/3 and Rustls support in the package for the reqwest crate.
- Initial packaging of the h3, h3-quinn, quinn, quinn-proto, and quinn-udp
crates.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 30 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.10.5-1
- Initial import (#2246722)
--------------------------------------------------------------------------------
================================================================================
rust-quinn-udp-0.4.1-1.el9 (FEDORA-EPEL-2023-5befe263ab)
UDP sockets with ECN information for the QUIC transport protocol
--------------------------------------------------------------------------------
Update Information:
- Enable QUIC / HTTP/3 and Rustls support in the package for the reqwest crate.
- Initial packaging of the h3, h3-quinn, quinn, quinn-proto, and quinn-udp
crates.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 30 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.4.1-1
- Initial import (#2246721)
--------------------------------------------------------------------------------
================================================================================
rust-reqwest-0.11.22-3.el9 (FEDORA-EPEL-2023-5befe263ab)
Higher level HTTP client library
--------------------------------------------------------------------------------
Update Information:
- Enable QUIC / HTTP/3 and Rustls support in the package for the reqwest crate.
- Initial packaging of the h3, h3-quinn, quinn, quinn-proto, and quinn-udp
crates.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 6 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.11.22-3
- Enable features for HTTP/3 (QUIC) support
* Sat Oct 28 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.11.22-2
- Enable features for Rustls support
--------------------------------------------------------------------------------
================================================================================
rust-rstest_reuse-0.6.0-1.el9 (FEDORA-EPEL-2023-0cbc2527b7)
Reusable test attributes for rstest
--------------------------------------------------------------------------------
Update Information:
Initial packaging of the rstest_reuse crate.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 6 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.6.0-1
- Initial import (#2247854)
--------------------------------------------------------------------------------