The following Fedora EPEL 8 Security updates need testing: Age URL 27 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-31d4c55df0 arm-none-eabi-binutils-cs-2.43-1.el8 arm-none-eabi-gcc-cs-12.4.0-1.el8 arm-none-eabi-newlib-4.4.0.20231231-1.el8 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-851c74616f p7zip-16.02-31.el8 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-a09b624fa1 koji-1.35.1-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
fedora-license-data-1.58-1.el8 keepass-2.57.1-3.el8 mongo-c-driver-1.28.1-1.el8 netdata-1.47.4-4.el8 oath-toolkit-2.6.12-1.el8 python-ncclient-0.6.16-1.el8
Details about builds:
================================================================================ fedora-license-data-1.58-1.el8 (FEDORA-EPEL-2024-68e30c07e0) Fedora Linux license data -------------------------------------------------------------------------------- Update Information:
Automatic update for fedora-license-data-1.58-1.el8. Changelog for fedora-license-data * Thu Oct 10 2024 Miroslav Suchý msuchy@redhat.com 1.58-1 - add Ultra permissive dedication of docbook5-schemas - add public domain dedication for clc - add Sendmail-Open-Source-1.1 license - add public domain dedication for biblesync - add public domain dedication for BareBonesBrowserLaunch - add public domain dedication for astronomy-menus - add LGPL-2.1-only WITH OCCT-exception-1.0 - add CERN-OHL-P-2.0 - add Jam license - add public domain dedication for ants -------------------------------------------------------------------------------- ChangeLog:
* Thu Oct 10 2024 Miroslav Suchý msuchy@redhat.com 1.58-1 - add Ultra permissive dedication of docbook5-schemas - add public domain dedication for clc - add Sendmail-Open-Source-1.1 license - add public domain dedication for biblesync - add public domain dedication for BareBonesBrowserLaunch - add public domain dedication for astronomy-menus - add LGPL-2.1-only WITH OCCT-exception-1.0 - add CERN-OHL-P-2.0 - add Jam license - add public domain dedication for ants --------------------------------------------------------------------------------
================================================================================ keepass-2.57.1-3.el8 (FEDORA-EPEL-2024-ef4406c2f8) Password manager -------------------------------------------------------------------------------- Update Information:
Update to 2.57.1 as approved by BSI -------------------------------------------------------------------------------- ChangeLog:
* Thu Oct 10 2024 Dr. Tilmann Bubeck tilmann@bubecks.de - 2.57.1-3 - local build * Wed Oct 9 2024 Julian Sikorski belegdol@fedoraproject.org - 2.57.1-1 - Update to version 2.57.1 * Thu Jul 18 2024 Fedora Release Engineering releng@fedoraproject.org - 2.57-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Sun Jun 2 2024 Julian Sikorski belegdol@fedoraproject.org - 2.57-1 - Update to version 2.57 * Sun Feb 4 2024 Julian Sikorski belegdol@fedoraproject.org - 2.56-1 - Update to version 2.56. * Wed Jan 24 2024 Fedora Release Engineering releng@fedoraproject.org - 2.55-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering releng@fedoraproject.org - 2.55-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Wed Jan 17 2024 Yaakov Selkowitz yselkowi@redhat.com - 2.55-6 - Fix flatpak build * Tue Jan 2 2024 Julian Sikorski belegdol@fedoraproject.org - 2.55-5 - Fix missing sources * Fri Dec 1 2023 Julian Sikorski belegdol@fedoraproject.org - 2.55-4 - Fix build error * Fri Dec 1 2023 Julian Sikorski belegdol@fedoraproject.org - 2.55-3 - Use upstream source archive directly and verify it during %%prep * Tue Nov 21 2023 Julian Sikorski belegdol@fedoraproject.org - 2.55-2 - Cleanup for upcoming re-review - Do not own %%docdir - Flag license file as %%license - Migrate to SPDX license * Tue Nov 21 2023 Julian Sikorski belegdol@fedoraproject.org - 2.55-1 - Update to version 2.55. * Tue Nov 21 2023 Julian Sikorski belegdol@fedoraproject.org - 2.54-1 - Update to version 2.54. * Tue Nov 21 2023 Julian Sikorski belegdol@fedoraproject.org - 2.53.1-2 - Disable xdotool clipboard workaround to prevent passwords from leaking to systemd journal (CVE-2022-0725) * Tue Nov 21 2023 Julian Sikorski belegdol@fedoraproject.org - 2.53.1-1 - Update to version 2.53.1. * Tue Nov 21 2023 Julian Sikorski belegdol@fedoraproject.org - 2.52-1 - Update to version 2.52. * Tue Nov 21 2023 Julian Sikorski belegdol@fedoraproject.org - 2.51.1-1 - Update to version 2.51.1. * Tue Nov 21 2023 Julian Sikorski belegdol@fedoraproject.org - 2.50-2 - Revert "Don't know how to fix CVE-2022-0725." * Sat Jan 22 2022 Peter Oliver git@mavit.org.uk - 2.50-1 - Update to version 2.50. * Thu Jan 20 2022 Fedora Release Engineering releng@fedoraproject.org - 2.49-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Sun Sep 19 2021 Peter Oliver git@mavit.org.uk - 2.49-1 - Update to version 2.49. * Thu Jul 22 2021 Fedora Release Engineering releng@fedoraproject.org - 2.48.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Tue May 18 2021 Peter Oliver git@mavit.org.uk - 2.48.1-2 - Create directory /usr/lib/keepass/Languages * Tue May 11 2021 Peter Oliver git@mavit.org.uk - 2.48.1-1 - Update to version 2.48.1. * Fri May 7 2021 Peter Oliver git@mavit.org.uk - 2.48-1 - Update to version 2.48. * Tue Jan 26 2021 Fedora Release Engineering releng@fedoraproject.org - 2.47-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Sat Jan 9 2021 Peter Oliver git@mavit.org.uk - 2.47-1 - Update to version 2.47. * Thu Sep 17 2020 Peter Oliver git@mavit.org.uk - 2.46-2 - Exclude from armv7hl, where this doesn't currently build. * Fri Sep 11 2020 Peter Oliver git@mavit.org.uk - 2.46-1 - Update to version 2.46. * Tue Jul 28 2020 Fedora Release Engineering releng@fedoraproject.org - 2.45-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Thu Jul 2 2020 Peter Oliver git@mavit.org.uk - 2.45-2 - Drop Recommends on gtk2 --------------------------------------------------------------------------------
================================================================================ mongo-c-driver-1.28.1-1.el8 (FEDORA-EPEL-2024-12072a6c55) Client library written in C for MongoDB -------------------------------------------------------------------------------- Update Information:
libbson 1.28.1 Fixes: Fix large string handling in bson_string_truncate. Fix possible crash in bson_value_copy. libmongoc 1.28.1 Fixes: Do not return result in mongoc_bulkwritereturn_t if there are no known successful writes. Validate lengths in ill-formed server responses. Do not override read preference when using aggregate with $out/$merge with unscanned servers. Remove unexpected warning if authSource in TXT record is overriden by URI option. Fix crash when non-existent CA file configured with OpenSSL. -------------------------------------------------------------------------------- ChangeLog:
* Thu Oct 10 2024 Remi Collet remi@remirepo.net - 1.28.1-1 - update to 1.28.1 --------------------------------------------------------------------------------
================================================================================ netdata-1.47.4-4.el8 (FEDORA-EPEL-2024-53d6aa793f) Real-time performance monitoring -------------------------------------------------------------------------------- Update Information:
Update from upstream Update from upstream Update from upstream -------------------------------------------------------------------------------- ChangeLog:
* Thu Oct 10 2024 Didier Fabert didier.fabert@gmail.com 1.47.4-1 - Update from upstream * Wed Oct 2 2024 Didier Fabert didier.fabert@gmail.com 1.47.3-1 - Update from upstream * Thu Sep 26 2024 Didier Fabert didier.fabert@gmail.com 1.47.2-1 - Update from upstream -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2314600 - netdata-1.47.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2314600 [ 2 ] Bug #2316144 - netdata-1.47.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2316144 [ 3 ] Bug #2317730 - netdata-1.47.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2317730 --------------------------------------------------------------------------------
================================================================================ oath-toolkit-2.6.12-1.el8 (FEDORA-EPEL-2024-af2d187f08) One-time password components -------------------------------------------------------------------------------- Update Information:
This is new version fixing possible local privilege escalation. -------------------------------------------------------------------------------- ChangeLog:
* Thu Oct 10 2024 Jaroslav Škarvada jskarvad@redhat.com - 2.6.12-1 - New version Resolves: rhbz#2316447 - Dropped privileges when operating on user files Resolves: CVE-2024-47191 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2316488 - CVE-2024-47191 oath-toolkit: Local root exploit in a PAM module https://bugzilla.redhat.com/show_bug.cgi?id=2316488 --------------------------------------------------------------------------------
================================================================================ python-ncclient-0.6.16-1.el8 (FEDORA-EPEL-2024-35ac828870) Python library for the NETCONF protocol -------------------------------------------------------------------------------- Update Information:
Update to 0.6.16: https://github.com/ncclient/ncclient/releases/tag/v0.6.16 -------------------------------------------------------------------------------- ChangeLog:
* Wed Oct 9 2024 Benjamin A. Beasley code@musicinmybrain.net - 0.6.16-1 - Update to 0.6.16 (close RHBZ#2317548) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2317548 - python-ncclient-0.6.16 is available https://bugzilla.redhat.com/show_bug.cgi?id=2317548 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org