The following Fedora EPEL 8 Security updates need testing: Age URL 34 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-1e00c3d01e cutter-re-2.2.0-1.el8 rizin-0.5.1-1.el8 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-78b54db021 rnp-0.16.3-1.el8 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-7f77917637 dr_libs-0-0.20.20230412git4b3d078.el8 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-e5c5d6dbdb suricata-6.0.11-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
chromium-112.0.5615.121-1.el8 fedora-license-data-1.18-1.el8 globus-gridftp-server-13.24-5.el8 libmongocrypt-1.7.4-1.el8 mrack-1.15.0-1.el8 python-backoff-1.11.1-1.el8 rednotebook-2.29.5-1.el8
Details about builds:
================================================================================ chromium-112.0.5615.121-1.el8 (FEDORA-EPEL-2023-9631f50abc) A WebKit (Blink) powered web browser that Google doesn't want you to use -------------------------------------------------------------------------------- Update Information:
update to 112.0.5615.121. Fixes the following security issues: CVE-2023-2004 CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136 CVE-2023-2137 CVE-2023-2033 ---- update to 112.0.5615.49. Fixes the following security issues: CVE-2023-1528 CVE-2023-1529 CVE-2023-1530 CVE-2023-1531 CVE-2023-1532 CVE-2023-1533 CVE-2023-1534, CVE-2023-25193, CVE-2023-2004 -------------------------------------------------------------------------------- ChangeLog:
* Sat Apr 15 2023 Than Ngo than@redhat.com - 112.0.5615.121-1 - update to 112.0.5615.121 * Wed Apr 5 2023 Than Ngo than@redhat.com - 112.0.5615.49-1 - update to 112.0.5615.49 - fix #2184142, Small fonts in menus -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2186431 - CVE-2023-2004 chromium: freetype: integer overflowin in tt_hvadvance_adjust() in src/truetype/ttgxvar.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2186431 [ 2 ] Bug #2186878 - CVE-2023-2033 chromium: chromium-browser: Type Confusion in V8 [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2186878 [ 3 ] Bug #2186879 - CVE-2023-2033 chromium: chromium-browser: Type Confusion in V8 [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2186879 [ 4 ] Bug #2186982 - [chromium] GPU process crashes on AMD https://bugzilla.redhat.com/show_bug.cgi?id=2186982 [ 5 ] Bug #2187064 - Crash in chromium https://bugzilla.redhat.com/show_bug.cgi?id=2187064 [ 6 ] Bug #2187346 - Lost ability to apply visual effects https://bugzilla.redhat.com/show_bug.cgi?id=2187346 [ 7 ] Bug #2187772 - Hardware acceleration for chromium is not available, even when forcing it https://bugzilla.redhat.com/show_bug.cgi?id=2187772 [ 8 ] Bug #2187900 - CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136 CVE-2023-2137 chromium: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2187900 [ 9 ] Bug #2187901 - CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136 CVE-2023-2137 chromium: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2187901 --------------------------------------------------------------------------------
================================================================================ fedora-license-data-1.18-1.el8 (FEDORA-EPEL-2023-7b103ecd59) Fedora Linux license data -------------------------------------------------------------------------------- Update Information:
- add BNF grammar - Add BSD-4.3TAHOE - Add Latex2e-translated-notice - Update UnixCrypt.toml since we don't use legacy Fedora URLs for SPDX (license list) identifiers - Add new file: UnixCrypt - Add new file: LicenseRef-Schematron- schema - After the MIT-Festival license was accepted by SPDX, add it to the data - add field to template to warn about automatic conversion - Add jisksp16-1990-fonts to public-domain-text.txt - Add groff public domain notice - Add public-domain texts for libinstpatch - Update to correct SPDX id: eCos- exception-2.0 - Update QPL-1.0-INRIA-2004 WITH QPL-1.0-INRIA-2004-exception.toml - Add new file: QPL-1.0-INRIA-2004 WITH QPL-1.0-INRIA-2004-exception - Add new file: Xdebug-1.03 - Add new file: NIST-Software -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 20 2023 Miroslav Such�� msuchy@redhat.com 1.18-1 - add BNF grammar - Add BSD-4.3TAHOE - Add Latex2e-translated-notice - Update UnixCrypt.toml since we don't use legacy Fedora URLs for SPDX (license list) identifiers - Add new file: UnixCrypt - Add new file: LicenseRef-Schematron-schema - After the MIT-Festival license was accepted by SPDX, add it to the data - add field to template to warn about automatic conversion - Add jisksp16-1990-fonts to public-domain-text.txt - Add groff public domain notice - Add public-domain texts for libinstpatch - Update to correct SPDX id: eCos-exception-2.0 - Update QPL-1.0-INRIA-2004 WITH QPL-1.0-INRIA-2004-exception.toml - Add new file: QPL-1.0-INRIA-2004 WITH QPL-1.0-INRIA-2004-exception - Add new file: Xdebug-1.03 - Add new file: NIST-Software --------------------------------------------------------------------------------
================================================================================ globus-gridftp-server-13.24-5.el8 (FEDORA-EPEL-2023-d7e4455dac) Grid Community Toolkit - Globus GridFTP Server -------------------------------------------------------------------------------- Update Information:
Re-enable fakeroot test on ppc64le (EPEL 8). -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 19 2023 Mattias Ellert mattias.ellert@physics.uu.se - 13.24-5 - Reenable optional test dependency fakeroot on ppc64le in EPEL 8 * Thu Jan 19 2023 Fedora Release Engineering releng@fedoraproject.org - 13.24-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ libmongocrypt-1.7.4-1.el8 (FEDORA-EPEL-2023-de1fc880d4) The companion C library for client side encryption in drivers -------------------------------------------------------------------------------- Update Information:
**Version 1.7.4** Fixed - Fix build on macOS Ventura. ---- **Version 1.7.3** Fixed - Fix KMIP Register request for versions 1.12-1.13.0 of Hashicorp Vault. - Fix possible memory leak when encrypting malformed BSON with Queryable Encryption. ---- **Version 1.7.2** Improvements - Add toggle for Decimal128 Range Support. Fixed - Fix i686 (32-bit) build. - Fix 32-bit ARM build. ---- **Version 1.7.1** Improvements - Vendor Intel DFP library and allow using system DFP. Fixed - Fix possible abort on base64 decode error of KMS messages. - Fix ILP32-target builds. - Fix LTO build. - Fix IntelDFP to not require Git. ---- **Version 1.7.0** New Features - Add encryptExpression helper - Support for range index. NOTE: The Range algorithm is experimental only. It is not intended for public use. -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 19 2023 Remi Collet remi@remirepo.net - 1.7.4-1 - update to 1.7.4 --------------------------------------------------------------------------------
================================================================================ mrack-1.15.0-1.el8 (FEDORA-EPEL-2023-9f7c742448) Multicloud use-case based multihost async provisioner -------------------------------------------------------------------------------- Update Information:
Automatic update for mrack-1.15.0-1.el8. ##### **Changelog for mrack** ``` * Tue Apr 18 2023 Tibor Dudl��k tdudlak@redhat.com - 1.15.0-1 - f9f0e33 test: Add missing strategy_retry test (Tibor Dudl��k) - 121c5db refactor(provider): take max_utilization out to method to ease mocking (Tibor Dudl��k) - dc74ced test: Add missing tests for fixed code from https://github.com/neoave/mrack/pull/245 (Tibor Dudl��k) - 86393ab feat(outputs): preset username and password for windows host in pytest-mh (Tibor Dudl��k) - 4c26b5f feat(outputs): merge nested dictionary instead of overriding it (Tibor Dudl��k) - 4dde2e5 feat(utils): add merge_dict (Tibor Dudl��k) - 5440be1 refactor: fixes _openstack_gather_responses test warnings and exec time (David Pascual) - e29031b fix: Handle 403 AuthError (out of quota) in openstack provisioning (David Pascual) - a4e5075 feat: configurable ssh options (Petr Vobornik) - e9d716e chore: fix docs dependencies in tox run (Petr Vobornik) - 6f1943b chore: add Markdown support to docs and add design section (Petr Vobornik) - 88458e1 docs: SSH options design (Petr Vobornik) ``` -------------------------------------------------------------------------------- ChangeLog:
* Tue Apr 18 2023 Tibor Dudl��k tdudlak@redhat.com - 1.15.0-1 - f9f0e33 test: Add missing strategy_retry test (Tibor Dudl��k) - 121c5db refactor(provider): take max_utilization out to method to ease mocking (Tibor Dudl��k) - dc74ced test: Add missing tests for fixed code from https://github.com/neoave/mrack/pull/245 (Tibor Dudl��k) - 86393ab feat(outputs): preset username and password for windows host in pytest-mh (Tibor Dudl��k) - 4c26b5f feat(outputs): merge nested dictionary instead of overriding it (Tibor Dudl��k) - 4dde2e5 feat(utils): add merge_dict (Tibor Dudl��k) - 5440be1 refactor: fixes _openstack_gather_responses test warnings and exec time (David Pascual) - e29031b fix: Handle 403 AuthError (out of quota) in openstack provisioning (David Pascual) - a4e5075 feat: configurable ssh options (Petr Vobornik) - e9d716e chore: fix docs dependencies in tox run (Petr Vobornik) - 6f1943b chore: add Markdown support to docs and add design section (Petr Vobornik) - 88458e1 docs: SSH options design (Petr Vobornik) --------------------------------------------------------------------------------
================================================================================ python-backoff-1.11.1-1.el8 (FEDORA-EPEL-2023-66f08c7851) Python library providing function decorators for configurable backoff and retry -------------------------------------------------------------------------------- Update Information:
Update python-backoff to 1.11.1 -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 19 2023 Jiri Kyjovsky j1.kyjovsky@gmail.com - 1.11.1 - Downgrade to 1.11 since the backoff uses some features from python 3.7 * Sun Apr 16 2023 Jiri Kyjovsky j1.kyjovsky@gmail.com - 2.2.1-1 - Upgrade to 2.2.1 --------------------------------------------------------------------------------
================================================================================ rednotebook-2.29.5-1.el8 (FEDORA-EPEL-2023-8e7298ef21) Daily journal with calendar, templates and keyword searching -------------------------------------------------------------------------------- Update Information:
- New upstream version 2.29.5. ---- * Wed Apr 12 2023 Phil Wyett philip.wyett@kathenas.org - 2.29.4-1 - New upstream version 2.29.4. - Use SPDX license identifier. - Requires webkit2gtk4.1 where able. - Little spec file rework. -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 19 2023 Phil Wyett philip.wyett@kathenas.org - 2.29.5-1 - New upstream version 2.29.5. * Wed Apr 12 2023 Phil Wyett philip.wyett@kathenas.org - 2.29.4-1 - New upstream version 2.29.4. - Use SPDX license identifier. - Requires webkit2gtk4.1 where able. - Little spec file rework. * Fri Jan 20 2023 Fedora Release Engineering releng@fedoraproject.org - 2.29.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org