The following Fedora EPEL 8 Security updates need testing:
Age URL
10
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-5b261a2216
nextcloud-client-3.1.3-1.el8
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-c18d19cbdc
fluidsynth-2.1.8-3.el8
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-0754fdd085
openvpn-2.4.11-1.el8
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-24ab212ee8
p7zip-16.02-20.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
afpfs-ng-0.8.1-35.el8
bgpq4-0.0.7-1.el8
google-benchmark-1.5.3-1.el8
lua-sec-1.0.1-1.el8
perl-Image-ExifTool-12.16-3.el8
pngcheck-2.4.0-8.el8
python-re-assert-1.1.0-1.el8
waiverdb-1.3.0-1.el8
Details about builds:
================================================================================
afpfs-ng-0.8.1-35.el8 (FEDORA-EPEL-2021-a7cac9b814)
Apple Filing Protocol client
--------------------------------------------------------------------------------
Update Information:
modernize spec, push the bugfix to active branches
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 26 2021 Michal Ambroz <rebus _AT seznam.cz> - 0.8.1-35
- modernize spec, push the bugfix to active branches
* Fri Mar 12 2021 Michal Ambroz <rebus _AT seznam.cz> - 0.8.1-34
- fix issue 1507944
* Mon Jan 25 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.8.1-33
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Fri Jul 31 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.8.1-32
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.8.1-31
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1507944 - afpcmd may crash on long options parsing
https://bugzilla.redhat.com/show_bug.cgi?id=1507944
--------------------------------------------------------------------------------
================================================================================
bgpq4-0.0.7-1.el8 (FEDORA-EPEL-2021-d62bad9a88)
Automate BGP filter generation based on routing database information
--------------------------------------------------------------------------------
Update Information:
bgpq4 0.0.7 =========== - Replace `AM_CONFIG_HEADER` bysuperseded
`AC_CONFIG_HEADERS` - bgpq_expander: Increase the read select timeout to 30
seconds - Respect `-s` when there are no prefix lists - Multiple man page
improvements - Arista EOS Support - Remove `select()`, use system default -
Remove not-needed `shutdown()` - Revert conditional clauses around XR prefix
list generation
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 26 2021 Robert Scheck <robert(a)fedoraproject.org> 0.0.7-1
- Upgrade to 0.0.7 (#1953767)
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.0.6-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.0.6-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1953767 - bgpq4-0.0.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1953767
--------------------------------------------------------------------------------
================================================================================
google-benchmark-1.5.3-1.el8 (FEDORA-EPEL-2021-ff299b2731)
A microbenchmark support library
--------------------------------------------------------------------------------
Update Information:
Updated to version 1.5.3.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 26 2021 Vitaly Zaitsev <vitaly(a)easycoding.org> - 1.5.3-1
- Updated to version 1.5.3.
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5.2-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Oct 14 2020 Jeff Law <law(a)redhat.com> - 1.5.2-2
- Fix missing #include for gcc-11
--------------------------------------------------------------------------------
================================================================================
lua-sec-1.0.1-1.el8 (FEDORA-EPEL-2021-a017696c37)
Lua binding for OpenSSL library
--------------------------------------------------------------------------------
Update Information:
LuaSec 1.0.1 ============ * Fix `luaL_buffinit()` can use the stack and broke
`buffer_meth_receive()`
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 26 2021 Robert Scheck <robert(a)fedoraproject.org> 1.0.1-1
- Upgrade to 1.0.1 (#1953695)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1953695 - lua-sec-1.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1953695
--------------------------------------------------------------------------------
================================================================================
perl-Image-ExifTool-12.16-3.el8 (FEDORA-EPEL-2021-b308580516)
Utility for reading and writing image meta info
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2021-22204.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 26 2021 Tom Callaway <spot(a)fedoraproject.org> - 12.16-3
- apply upstream fix for CVE-2021-22204
* Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 12.16-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Fri Jan 22 2021 Tom Callaway <spot(a)fedoraproject.org> - 12.16-1
- update to latest stable (12.16)
* Tue Jan 19 2021 Tom Callaway <spot(a)fedoraproject.org> - 12.00-3
- add arg_files as doc
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 12.00-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1953616 - CVE-2021-22204 perl-Image-ExifTool: improper neutralization of user
data in the DjVu file format allows arbitrary code execution when parsing a malicious
image
https://bugzilla.redhat.com/show_bug.cgi?id=1953616
--------------------------------------------------------------------------------
================================================================================
pngcheck-2.4.0-8.el8 (FEDORA-EPEL-2021-3a1aaec707)
Verifies the integrity of PNG, JNG and MNG files
--------------------------------------------------------------------------------
Update Information:
Backported fix for #1949800, in which certain invalid PNG data could cause an
integer division-by-zero, invoking undefined behavior, from upstream release
3.0.3.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 26 2021 Benjamin A. Beasley <code(a)musicinmybrain.net> - 2.4.0-8
- Backport fix for RHBZ#1949800 from upstream release 3.0.3
--------------------------------------------------------------------------------
================================================================================
python-re-assert-1.1.0-1.el8 (FEDORA-EPEL-2021-47fb922102)
Show where your regex match assertion failed!
--------------------------------------------------------------------------------
Update Information:
new package python-re-assert
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
waiverdb-1.3.0-1.el8 (FEDORA-EPEL-2021-85bf540897)
Service for waiving results in ResultsDB
--------------------------------------------------------------------------------
Update Information:
A simpler permission configuration and fix for stomp.py.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 26 2021 Lukas Holecek <hluk(a)email.cz> - 1.3.0-1
- A simpler permission configuration can be now used. New option
``PERMISSIONS`` uses glob expressions instead of a regular expression to
verify the user is allowed to waive a test case. The configuration can be
listed with :http:get:`/api/v1.0/permissions`. Additional GET parameter
``testcase`` can be used to filter the list by matching test case.
``PERMISSION_MAPPING`` is deprecated but still works if the new option is not
defined.
- Fixes possible disconnecting issue with older stomp.py library
(
https://github.com/jasonrbriggs/stomp.py/issues/323).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1811719 - waiverdb-1.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1811719
--------------------------------------------------------------------------------