The following Fedora EPEL 9 Security updates need testing:
Age URL
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-a101920015
OpenImageIO-2.4.8.1-1.el9
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-6a62d83adf
ImageMagick-6.9.12.77-1.el9
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-5f32ecbc71
apptainer-1.1.6-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
chromium-110.0.5481.100-1.el9
cinnamon-5.6.7-1.el9
ck-0.7.0-10.el9
clamav-0.103.8-3.el9
dpkg-1.21.20-2.el9
fpc-srpm-macros-1.3-7.el9
gfal2-2.21.3-1.el9
packit-0.68.0-1.el9
python-fastavro-1.7.1-1.el9
python-tkrzw-0.1.29-1.el9
radare2-5.8.2-1.el9
rust-time-core-0.1.0-1.el9
rust-tokio-stream-0.1.12-1.el9
v-hacd-4.1.0-1.el9
Details about builds:
================================================================================
chromium-110.0.5481.100-1.el9 (FEDORA-EPEL-2023-2243ae7d4f)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
update to 110.0.5481.100
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 17 2023 Than Ngo <than(a)redhat.com> - 110.0.5481.100-1
- update to 110.0.5481.100
* Thu Feb 16 2023 Than Ngo <than(a)redhat.com> - 110.0.5481.77-2
- fix #2071126, enable support V4L2 stateless decoders for aarch64 plattform
- fix prefers-color-scheme
- drop snapshot_blob.bin, replace snapshot_blob.bin with v8_context_snapshot.bin
- move headless_lib*.pak to headless subpackage
--------------------------------------------------------------------------------
================================================================================
cinnamon-5.6.7-1.el9 (FEDORA-EPEL-2023-b5b1671050)
Window management and application launching for GNOME
--------------------------------------------------------------------------------
Update Information:
Update Cinnamon Desktop to 5.6.7
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 16 2023 Leigh Scott <leigh123linux(a)gmail.com> - 5.6.7-1
- Update to 5.6.7 release
--------------------------------------------------------------------------------
================================================================================
ck-0.7.0-10.el9 (FEDORA-EPEL-2023-874249b1da)
Library for high performance concurrent programming
--------------------------------------------------------------------------------
Update Information:
initial epel build
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 17 2023 Petr Men����k <pemensik(a)redhat.com> - 0.7.0-10
- Set time limit to unit test run
- Limit unit test to less cores to make them faster
- Skip some tests on ppc64le and aarch64 platforms to avoid failures
* Wed Jan 18 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.7.0-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Jul 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.7.0-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed Jan 19 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.7.0-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Jul 21 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.7.0-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2042658 - ck for EPEL 9
https://bugzilla.redhat.com/show_bug.cgi?id=2042658
--------------------------------------------------------------------------------
================================================================================
clamav-0.103.8-3.el9 (FEDORA-EPEL-2023-d1e7c4387e)
End-user tools for the Clam Antivirus scanner
--------------------------------------------------------------------------------
Update Information:
- Fix daily.cvd file - Split out documentation into separate -doc sub-package -
(#2128276) Please port your pcre dependency to pcre2 - Explicit dependency on
systemd since systemd-devel no longer has this dependency on F37+ - (#2136977)
not requires data(clamav) on clamav-libs - (#2023371) Add documentation to
preserve user permissions of DatabaseOwner
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 20 2023 Orion Poplawski <orion(a)nwra.com> - 0.103.8-3
- Fix daily.cvd file
* Sat Feb 18 2023 S��rgio Basto <sergio(a)serjux.com> - 0.103.8-2
- Split out documentation into separate -doc sub-package
- (#2128276) Please port your pcre dependency to pcre2
- Explicit dependency on systemd since systemd-devel no longer has this dependency on
F37+
- (#2136977) not requires data(clamav) on clamav-libs
- (#2023371) Add documentation to preserve user permissions of DatabaseOwner
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2171869 - daily.cvd in clamav-0.103.8-1 fails md5sum by clamscan
https://bugzilla.redhat.com/show_bug.cgi?id=2171869
--------------------------------------------------------------------------------
================================================================================
dpkg-1.21.20-2.el9 (FEDORA-EPEL-2023-5d0556ffe4)
Package maintenance system for Debian Linux
--------------------------------------------------------------------------------
Update Information:
- Update to 1.21.20 and enable zst compression - Fix FTI, bug
https://bugzilla.redhat.com/show_bug.cgi?id=2171353
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 20 2023 S��rgio Basto <sergio(a)serjux.com> - 1.21.20-2
- Fix FTI, bug
https://bugzilla.redhat.com/show_bug.cgi?id=2171353
* Wed Feb 15 2023 Dalton Miner <daltonminer(a)gmail.com> - 1.21.20-1
- Update dpkg to 1.21.20 (#2150017)
- Add zstd support (#2112807)
- Fully switch to libmd for MD5 implementation
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/debian/?id=2767801430de3c6...
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.21.9-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2112807 - Enable zst compression support
https://bugzilla.redhat.com/show_bug.cgi?id=2112807
[ 2 ] Bug #2150017 - dpkg-1.21.20 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2150017
--------------------------------------------------------------------------------
================================================================================
fpc-srpm-macros-1.3-7.el9 (FEDORA-EPEL-2023-016c62923e)
RPM macros needed by packages built with Free Pascal Compiler
--------------------------------------------------------------------------------
Update Information:
Initial build for EPEL9
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 20 2023 Artur Frenszek-Iwicki <fedora(a)svgames.pl> - 1.3-7
- Rebuilt because previous build has been deleted
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Jul 21 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
gfal2-2.21.3-1.el9 (FEDORA-EPEL-2023-3363371b28)
Grid file access library 2.0
--------------------------------------------------------------------------------
Update Information:
Upstream release v2.21.3
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 20 2023 Mihai Patrascoiu <mihai.patrascoiu(a)cern.ch> - 2.21.3-1
- Upgrade to upstream release 2.21.3
- Drop patches accepted upstream
* Tue Jan 24 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 2.21.2-3
- Rebuild for gtest 1.13.0 (close RHBZ#2163832)
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.21.2-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
packit-0.68.0-1.el9 (FEDORA-EPEL-2023-dae3ab03c9)
A tool for integrating upstream projects with Fedora operating system
--------------------------------------------------------------------------------
Update Information:
Automatic update for packit-0.68.0-1.el9. ##### **Changelog for packit** ``` *
Mon Feb 20 2023 Packit <hello(a)packit.dev> - 0.68.0-1 - Packit now requires bodhi
in version 7.0.0 at minimum. (#1844) - You can now use `--srpm` option with the
`packit build locally` CLI command. (#1810) ```
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 20 2023 Packit <hello(a)packit.dev> - 0.68.0-1
- Packit now requires bodhi in version 7.0.0 at minimum. (#1844)
- You can now use `--srpm` option with the `packit build locally` CLI command. (#1810)
--------------------------------------------------------------------------------
================================================================================
python-fastavro-1.7.1-1.el9 (FEDORA-EPEL-2023-1a4d406e55)
Fast Avro for Python
--------------------------------------------------------------------------------
Update Information:
## 2023-01-27 version 1.7.1 - Allow `int`s for default values of `float` and
`double` types
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 20 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.7.1-1
- Update to 1.7.1 (close RHBZ#2165194)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2165194 - python-fastavro-1.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2165194
--------------------------------------------------------------------------------
================================================================================
python-tkrzw-0.1.29-1.el9 (FEDORA-EPEL-2023-efc006a547)
TKRZW Python bindings
--------------------------------------------------------------------------------
Update Information:
Version bump
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 20 2023 TI_Eugene <ti.eugene(a)gmail.com> - 0.1.29-1
- Version bump
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.1.28-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.1.28-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 13 2022 Python Maint <python-maint(a)redhat.com> - 0.1.28-7
- Rebuilt for Python 3.11
--------------------------------------------------------------------------------
================================================================================
radare2-5.8.2-1.el9 (FEDORA-EPEL-2023-475352c21c)
The reverse engineering framework
--------------------------------------------------------------------------------
Update Information:
update to 5.8.2, fixes several CVE issues
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 25 2023 Michal Ambroz <rebus at, seznam.cz> 5.8.2-1
- bump to 5.8.2
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.7.8-1.1
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Tue Aug 2 2022 Michal Ambroz <rebus at, seznam.cz> 5.7.8-1
- bump to 5.7.8
* Tue Aug 2 2022 Michal Ambroz <rebus at, seznam.cz> 5.7.6-1
- bump to 5.7.6
- cherrypicked patch for new libmagic from upstream
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.6.8-1.1
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Apr 21 2022 Henrik Nordstrom <henrik(a)henriknordstrom.net> - 5.6.8-1
- bump to 5.6.8
* Wed Apr 13 2022 Henrik Nordstrom <henrik(a)henriknordstrom.net> 5.6.6-2
- refresh list of bundled libraries and associated cleanup
* Tue Apr 12 2022 Henrik Nordstrom <henrik(a)henriknordstrom.net> 5.6.6-2
- Fixes for CVE-2022-1061 CVE-2022-1207 CVE-2022-1237 CVE-2022-1238
CVE-2022-1240 CVE-2022-1244 CVE-2022-1283 CVE-2022-1284 CVE-2022-1296
CVE-2022-1297
* Tue Apr 12 2022 Henrik Nordstrom <henrik(a)henriknordstrom.net> 5.6.6-1
- bump to 5.6.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2086386 - CVE-2022-1714 radare2: Heap-based Buffer Overflow 4 byte oob read
in msp430 disassembler [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2086386
[ 2 ] Bug #2089714 - CVE-2022-1809 radare2: use of uninitialized function pointer
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2089714
[ 3 ] Bug #2092820 - CVE-2021-44974 radare2: NULL pointer dereference when parsing
binary symbols in bin_symbols.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2092820
[ 4 ] Bug #2092822 - CVE-2021-44975 radare2: Buffer Overflow while parsing mach-o
executables via /libr/core/anal_objc.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2092822
[ 5 ] Bug #2092972 - CVE-2022-1899 radare2: out of bounds read in string_scan_range
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2092972
[ 6 ] Bug #2105005 - CVE-2022-1437 radare2: Heap-based Buffer Overflow in radare2 prior
to 5.7.0 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2105005
[ 7 ] Bug #2111326 - CVE-2022-34502 radare2: heap buffer overflow via the function
consume_encoded_name_new at format/wasm/wasm.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2111326
[ 8 ] Bug #2113988 - CVE-2022-34520 radare2: NULL pointer dereference [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2113988
[ 9 ] Bug #2152391 - CVE-2022-4398 radare2: dev-util/radare2: integer overflow
vulnerability [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2152391
--------------------------------------------------------------------------------
================================================================================
rust-time-core-0.1.0-1.el9 (FEDORA-EPEL-2023-01ad6916ed)
Internal implementation details of the 'time' crate
--------------------------------------------------------------------------------
Update Information:
Initial packaging of the time-core crate for EPEL 9.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 19 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.1.0-1
- Initial import (#2168973)
--------------------------------------------------------------------------------
================================================================================
rust-tokio-stream-0.1.12-1.el9 (FEDORA-EPEL-2023-67eaa80174)
Utilities to work with Stream and tokio
--------------------------------------------------------------------------------
Update Information:
Update to version 0.1.12.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 20 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.1.12-1
- Update to version 0.1.12; Fixes RHBZ#2171398
* Sat Jan 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.1.11-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
v-hacd-4.1.0-1.el9 (FEDORA-EPEL-2023-d3c4bd1cde)
Decomposes a 3D surface into a set of ���near��� convex parts
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 20 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 4.1.0-1
- Initial package (close RHBZ#2168594)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2168594 - Review Request: v-hacd - Decomposes a 3D surface into a set of
���near��� convex parts
https://bugzilla.redhat.com/show_bug.cgi?id=2168594
--------------------------------------------------------------------------------