The following Fedora EPEL 8 Security updates need testing: Age URL 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-2da86b14b9 js-jquery-ui-1.13.2-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
bzip3-1.2.1-1.el8 heimdal-7.7.1-1.el8 ntfs-3g-2022.10.3-1.el8 packetdrill-2.0~20220927gitc556afb-3.el8 qt-creator-4.12.4-10.el8 rsnapshot-1.4.4-1.el8 wasmedge-0.11.2-1.el8
Details about builds:
================================================================================ bzip3-1.2.1-1.el8 (FEDORA-EPEL-2022-a5507613e7) Tools for compressing and decompressing bzip3 files -------------------------------------------------------------------------------- Update Information:
This update brings a bz3most tool, a paged viewer for bz3 archive content. -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 11 2022 Petr Pisar ppisar@redhat.com - 1.2.1-1 - 1.2.1 bump -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2141791 - bzip3-1.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2141791 --------------------------------------------------------------------------------
================================================================================ heimdal-7.7.1-1.el8 (FEDORA-EPEL-2022-be3947859f) A Kerberos 5 implementation without export restrictions -------------------------------------------------------------------------------- Update Information:
This release fixes the following Security Vulnerabilities: * CVE-2022-42898 PAC parse integer overflows * CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour * CVE-2022-41916 Fix Unicode normalization read of 1 bytes past end of array * CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors * CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ * CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0 on the Common Vulnerability Scoring System (CVSS) v3. -------------------------------------------------------------------------------- ChangeLog:
* Wed Nov 16 2022 Alexander Bostr��m abo@root.snowtree.se - 7.7.1-1 - Update to 7.7.1 - Remove upstreamed patch - Replace patch with sed command * Thu Jul 21 2022 Fedora Release Engineering releng@fedoraproject.org - 7.7.0-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Thu Jan 20 2022 Fedora Release Engineering releng@fedoraproject.org - 7.7.0-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Thu Jul 22 2021 Fedora Release Engineering releng@fedoraproject.org - 7.7.0-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Tue Apr 13 2021 Alexander Bostr��m abo@root.snowtree.se - 7.7.0-9 - Backport autoconf-2.70 fix * Tue Jan 26 2021 Fedora Release Engineering releng@fedoraproject.org - 7.7.0-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Tue Jul 28 2020 Fedora Release Engineering releng@fedoraproject.org - 7.7.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ ntfs-3g-2022.10.3-1.el8 (FEDORA-EPEL-2022-15e4c3606e) Linux NTFS userspace driver -------------------------------------------------------------------------------- Update Information:
Update to 2022.10.3. Fixes CVE-2022-40284 -------------------------------------------------------------------------------- ChangeLog:
* Thu Nov 3 2022 Gabriel Kihlman gk@sysctl.se - 2:2022.10.3-1 - New upstream version 2022.10.3 - Fixes: CVE-2022-40284 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2090876 - ntfs-3g-2022.10.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2090876 [ 2 ] Bug #2140031 - CVE-2022-40284: buffer overflow in NTFS-3G https://bugzilla.redhat.com/show_bug.cgi?id=2140031 --------------------------------------------------------------------------------
================================================================================ packetdrill-2.0~20220927gitc556afb-3.el8 (FEDORA-EPEL-2022-d1c60a847f) Quick, precise tests for entire TCP/UDP/IPv4/IPv6 network stacks -------------------------------------------------------------------------------- Update Information:
Backport upstream PR for Python 3 support -------------------------------------------------------------------------------- ChangeLog:
* Tue Nov 15 2022 Davide Cavalca dcavalca@fedoraproject.org 2.0~20220927gitc556afb-3 - Backport upstream PR for Python 3 support --------------------------------------------------------------------------------
================================================================================ qt-creator-4.12.4-10.el8 (FEDORA-EPEL-2022-a5041250cf) Cross-platform IDE for Qt -------------------------------------------------------------------------------- Update Information:
Rebuild for Qt 5.15.13 (RHEL 8.7) -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 11 2022 Thomas Zimmermann thomas.zimmermann@voestalpine.com - 4.12.4-10 - Rebuild for Qt 5.15.13 (RHEL 8.7) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2142895 - Request to rebuild qt-creator for RHEL 8.7 https://bugzilla.redhat.com/show_bug.cgi?id=2142895 --------------------------------------------------------------------------------
================================================================================ rsnapshot-1.4.4-1.el8 (FEDORA-EPEL-2022-9ffffb529d) Local and remote filesystem snapshot utility -------------------------------------------------------------------------------- Update Information:
# rsnapshot 1.4.4 - Add sentence explaining rsync_long|short_args + sign to man page - Fix rsnapreport problems (incorrect header, fail when `rsync` present, fail with LVM) - Add notes about documentation, and link to the website repo - Fix for '`rsync_cleanup_after_native_cp_al()` only works on directories' fail when `sync_first on` and `cmd_cp` not set (#133), add test - Fix for `rm -rf` failing when the path contains `./` - Suppress noisy error from non-GNU `cp` on BSD-ish machines, including MacOS - Add CentOS 7 to successfully tested to docs - Minor tidy up rel `configure` options `--with-test-(true|false)` - Update travis build settings - Dont use `m4_esyscmd_s` in `configure.ac` - Update docs to remove dangling refs to HOWTO on rsnapshot.org - Skip both SSH tests (rather one) if SSH doesn't work - Use perl-5.30 for tests (used in Ubuntu 20.04 Focal) - Lower verbose level of `rsync` output to 1.3.x equivalent to work with `rsnapreport.pl` again - Fix location of true and false binaries on macOS -------------------------------------------------------------------------------- ChangeLog:
* Wed Nov 16 2022 Robert Scheck robert@fedoraproject.org - 1.4.4-1 - Upgrade to 1.4.4 (#1974006, thanks to Todd Zullinger) * Sat Jul 23 2022 Fedora Release Engineering releng@fedoraproject.org - 1.4.3-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Fri Jan 21 2022 Fedora Release Engineering releng@fedoraproject.org - 1.4.3-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Fri Jul 23 2021 Fedora Release Engineering releng@fedoraproject.org - 1.4.3-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Wed Jan 27 2021 Fedora Release Engineering releng@fedoraproject.org - 1.4.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Wed Jul 29 2020 Fedora Release Engineering releng@fedoraproject.org - 1.4.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue Mar 31 2020 Jitka Plesnikova jplesnik@redhat.com - 1.4.3-3 - Specify all perl dependencies needed for tests * Thu Jan 30 2020 Fedora Release Engineering releng@fedoraproject.org - 1.4.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1974006 - rsnapshot 1.4.4 is available. Please build for EPEL8 and Fedora34 https://bugzilla.redhat.com/show_bug.cgi?id=1974006 --------------------------------------------------------------------------------
================================================================================ wasmedge-0.11.2-1.el8 (FEDORA-EPEL-2022-f1e491bb20) High performance WebAssembly Virtual Machine -------------------------------------------------------------------------------- Update Information:
Release 0.11.2 -------------------------------------------------------------------------------- ChangeLog:
* Wed Nov 16 2022 dm4 dm4@secondstate.io 0.11.2-1 - Release 0.11.2 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org