Fedora EPEL 8 updates-testing report - epel-devel - Fedora mailing-lists

8 Jun 2023


      The following Fedora EPEL 8 Security updates need testing:
 Age  URL
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-ee729bf9b2   sympa-6.2.72-2.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
apptainer-1.1.9-1.el8
    guacamole-server-1.5.2-2.el8
    mongo-c-driver-1.23.5-1.el8
    perl-HTML-StripScripts-1.06-22.el8
    remmina-1.4.31-1.el8
    syncthing-1.23.5-1.el8
Details about builds:
================================================================================
 apptainer-1.1.9-1.el8 (FEDORA-EPEL-2023-8957de8c8a)
 Application and environment virtualization formerly known as Singularity
--------------------------------------------------------------------------------
Update Information:
Update to upstream-1.1.9
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun  7 2023 Dave Dykstra dwd@fnal.gov - 1.1.9-1
- Update to upstream 1.1.9.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2213313 - apptainer-1.1.9 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2213313
--------------------------------------------------------------------------------
================================================================================
 guacamole-server-1.5.2-2.el8 (FEDORA-EPEL-2023-24b6ae61af)
 Server-side native components that form the Guacamole proxy
--------------------------------------------------------------------------------
Update Information:
- Added upstream patch to fix RDP related segfault ([GUACAMOLE-
1802](https://issues.apache.org/jira/projects/GUACAMOLE/issues/GUACAMOLE-1802))
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun  7 2023 Robert Scheck robert@fedoraproject.org - 1.5.2-2
- Added upstream patch to fix RDP related segfault (GUACAMOLE-1802)
--------------------------------------------------------------------------------
================================================================================
 mongo-c-driver-1.23.5-1.el8 (FEDORA-EPEL-2023-eefdadb7f8)
 Client library written in C for MongoDB
--------------------------------------------------------------------------------
Update Information:
**libmongoc 1.23.5**  Fixes:  *    Fix potential crash due to insufficient
memory when allocating performance counters. *    Fix compilation error on
Android platforms due to missing aligned_alloc. *    Return an error if
RewrapManyDataKey is invoked without a provider when a masterKey is given.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun  7 2023 Remi Collet remi@remirepo.net - 1.23.5-1
- update to 1.23.5
--------------------------------------------------------------------------------
================================================================================
 perl-HTML-StripScripts-1.06-22.el8 (FEDORA-EPEL-2023-d55abd83c7)
 Strip scripting constructs out of HTML
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2023-24038
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun  7 2023 Xavier Bachelot xavier@bachelot.org 1.06-22
- Add patch for CVE-2023-24038
- Convert License: to SPDX
* Fri Jan 20 2023 Fedora Release Engineering releng@fedoraproject.org - 1.06-21
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Jul 22 2022 Fedora Release Engineering releng@fedoraproject.org - 1.06-20
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue May 31 2022 Jitka Plesnikova jplesnik@redhat.com - 1.06-19
- Perl 5.36 rebuild
* Fri Jan 21 2022 Fedora Release Engineering releng@fedoraproject.org - 1.06-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering releng@fedoraproject.org - 1.06-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri May 21 2021 Jitka Plesnikova jplesnik@redhat.com - 1.06-16
- Perl 5.34 rebuild
* Wed Jan 27 2021 Fedora Release Engineering releng@fedoraproject.org - 1.06-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering releng@fedoraproject.org - 1.06-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jun 23 2020 Jitka Plesnikova jplesnik@redhat.com - 1.06-13
- Perl 5.32 rebuild
* Thu Jan 30 2020 Fedora Release Engineering releng@fedoraproject.org - 1.06-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2164149 - CVE-2023-24038 perl-HTML-StripScripts: Handler for style attribute is vulnerable to ReDoS [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2164149
--------------------------------------------------------------------------------
================================================================================
 remmina-1.4.31-1.el8 (FEDORA-EPEL-2023-d93c96ff4c)
 Remote Desktop Client
--------------------------------------------------------------------------------
Update Information:
New upstream version 1.4.31.  Remove no longer needed patches.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun  7 2023 Phil Wyett philip.wyett@kathenas.org - 1.4.31-1
- New upstream version 1.4.31.
- Remove no longer needed patches.
* Tue Jun  6 2023 Phil Wyett philip.wyett@kathenas.org - 1.4.30-3
- Remove some old workarounds from spec file.
--------------------------------------------------------------------------------
================================================================================
 syncthing-1.23.5-1.el8 (FEDORA-EPEL-2023-e14003b86d)
 Continuous File Synchronization
--------------------------------------------------------------------------------
Update Information:
Update to version 1.23.5. Addresses CVE-2022-46165.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun  7 2023 Fabio Valentini decathorpe@gmail.com - 1.23.5-1
- Update to version 1.23.5; Fixes RHBZ#2213024
* Wed Jun  7 2023 Fabio Valentini decathorpe@gmail.com - 1.23.4-1
- Update to version 1.23.4; Fixes RHBZ#2184805
* Wed Jun  7 2023 Fabio Valentini decathorpe@gmail.com - 1.23.2-1
- Update to version 1.23.2; Fixes RHBZ#2167959
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2213012 - CVE-2022-46165 syncthing: Cross-site scripting through malicious files [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2213012
--------------------------------------------------------------------------------