The following Fedora EPEL 9 Security updates need testing:
Age URL
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-24aceec24b
chromium-123.0.6312.58-1.el9
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-e2cad98fb0
tinyxml-2.6.2-28.el9
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-8526776b15
libopenmpt-0.7.6-1.el9
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-58f1740d29
mbedtls-2.28.8-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
ansible-collection-awx-awx-24.1.0-1.el9
davix-0.8.6-1.el9
editorconfig-0.12.7-1.el9
gaupol-1.14.1-1.el9
knot-resolver-5.7.2-1.el9
libdeflate-1.20-4.el9
mailman3-fedmsg-plugin-0.5-27.el9
redict-7.3.0-1.el9
trafficserver-9.2.4-1.el9
upx-4.2.3-1.el9
wordpress-6.5-1.el9
Details about builds:
================================================================================
ansible-collection-awx-awx-24.1.0-1.el9 (FEDORA-EPEL-2024-81be2210b7)
Ansible modules and plugins for working with AWX
--------------------------------------------------------------------------------
Update Information:
Updated to24.1.0
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 2 2024 Andrew Heath <anheath(a)anheath-thinkpadt14sgen2i.rmtusnc.csb> -
24.1.0-1
- Update to 24.1.0
--------------------------------------------------------------------------------
================================================================================
davix-0.8.6-1.el9 (FEDORA-EPEL-2024-4c51c7f3d6)
Toolkit for http based file management
--------------------------------------------------------------------------------
Update Information:
New upstream release 0.8.6
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 3 2024 Mihai Patrascoiu <mihai.patrascoiu(a)cern.ch> - 0.8.6-1
- New upstream release 0.8.6
* Wed Jan 24 2024 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 0.8.5-5
- Rebuild for gsoap 2.8.132 (Fedora 40)
* Fri Jan 19 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.8.5-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Nov 15 2023 Mihai Patrascoiu <mihai.patrascoiu(a)cern.ch> - 0.8.5-3
- Rebuild for gtest 1.14.0 (bugzilla #2228663)
* Tue Oct 31 2023 Terje Rosten <terje.rosten(a)ntnu.no> - 0.8.5-2
- Rebuild for gtest 1.14.0 (bugzilla #2228663)
--------------------------------------------------------------------------------
================================================================================
editorconfig-0.12.7-1.el9 (FEDORA-EPEL-2024-3412a9098b)
Parser for EditorConfig files written in C
--------------------------------------------------------------------------------
Update Information:
Update to 0.12.7: fix pointer overflow in STRING_CAT; fix a few more stack
buffer overflows.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 3 2024 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.12.7-1
- Update to 0.12.7 (close RHBZ#2272370)
* Fri Mar 8 2024 Yaakov Selkowitz <yselkowi(a)redhat.com> - 0.12.6-5
- Use bundled uthash in RHEL builds
* Wed Jan 24 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.12.6-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.12.6-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jul 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.12.6-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2272370 - editorconfig-0.12.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2272370
--------------------------------------------------------------------------------
================================================================================
gaupol-1.14.1-1.el9 (FEDORA-EPEL-2024-780f8186f2)
Editor for text-based subtitle files
--------------------------------------------------------------------------------
Update Information:
Update to 1.14.1: Fix invalid entry in AppData file
Update to 1.14: Change the icon for the toggle video player toolbar item to an
action icon (not mimetype) that has a symbolic version available
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 3 2024 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.14.1-1
- Update to 1.14.1 (close RHBZ#2272858)
* Tue Apr 2 2024 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.14-1
- Update to 1.14 (close RHBZ#2272540)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2272540 - gaupol-1.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2272540
[ 2 ] Bug #2272858 - gaupol-1.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2272858
--------------------------------------------------------------------------------
================================================================================
knot-resolver-5.7.2-1.el9 (FEDORA-EPEL-2024-dc425f244e)
Caching full DNS Resolver
--------------------------------------------------------------------------------
Update Information:
Knot Resolver 5.7.2
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 3 2024 Jakub Ru��i��ka <jakub.ruzicka(a)nic.cz> - 5.7.2-1
- New upstream version 5.7.2
--------------------------------------------------------------------------------
================================================================================
libdeflate-1.20-4.el9 (FEDORA-EPEL-2024-0050ba61dc)
Fast implementation of DEFLATE, gzip, and zlib
--------------------------------------------------------------------------------
Update Information:
New upstream 1.20.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 3 2024 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.20-4
- Don���t build VNNI implementations before GCC 12.1
- Fixes failure to build on x86_64 in EPEL9
* Sat Mar 23 2024 Nick Black <dankamongmen(a)gmail.com> - 1.20-2
- updated .gitignore
* Sat Mar 23 2024 Nick Black <dankamongmen(a)gmail.com> - 1.20-1
- new upstream 1.20
* Thu Jan 25 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.19-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.19-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2271155 - libdeflate-1.20 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2271155
--------------------------------------------------------------------------------
================================================================================
mailman3-fedmsg-plugin-0.5-27.el9 (FEDORA-EPEL-2024-39533b3dcb)
Emit fedmsg messages from mailman3
--------------------------------------------------------------------------------
Update Information:
Initial version for EPEL 9
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 3 2024 Michal Kone��n�� <mkonecny(a)redhat.com> - 0.5-27
- Initial version for EPEL 9
--------------------------------------------------------------------------------
================================================================================
redict-7.3.0-1.el9 (FEDORA-EPEL-2024-6843ef573a)
A persistent key-value database
--------------------------------------------------------------------------------
Update Information:
update to 7.3.0 stable
update to 7.3.0 rc2
initial package build
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 3 2024 Jonathan Wright <jonathan(a)almalinux.org> - 7.3.0-1
- Update to 7.3.0 stable
* Thu Mar 28 2024 Jonathan Wright <jonathan(a)almalinux.org> - 7.3.0~rc2-1
- update to 7.3.0-rc2
- remove sample confs from /usr/share
* Sun Mar 24 2024 Jonathan Wright <jonathan(a)almalinux.org> - 7.3.0~rc1-1
- Initial package build, release candidate
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2271615 - Review Request: redict - A persistent key-value database
https://bugzilla.redhat.com/show_bug.cgi?id=2271615
--------------------------------------------------------------------------------
================================================================================
trafficserver-9.2.4-1.el9 (FEDORA-EPEL-2024-0cbb770fdc)
Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server
--------------------------------------------------------------------------------
Update Information:
Update to upstream 9.2.4, resolves CVE-2024-31309 (CONTINUATION frames DoS)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 3 2024 Jered Floyd <jered(a)redhat.com> 9.2.4-1
- Update to upstream 9.2.4
- Resolves CVE-2024-31309
* Sat Jan 27 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 9.2.3-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2269627 - CVE-2024-31309 trafficserver: CONTINUATION frames DoS
https://bugzilla.redhat.com/show_bug.cgi?id=2269627
--------------------------------------------------------------------------------
================================================================================
upx-4.2.3-1.el9 (FEDORA-EPEL-2024-c6577bc2ed)
Ultimate Packer for eXecutables
--------------------------------------------------------------------------------
Update Information:
4.2.3
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 28 2024 Gwyn Ciesla <gwync(a)protonmail.com> - 4.2.3-1
- 4.2.3
* Sat Jan 27 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.2.2-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jan 4 2024 Gwyn Ciesla <gwync(a)protonmail.com> - 4.2.2-1
- 4.2.2
* Thu Nov 2 2023 Gwyn Ciesla <gwync(a)protonmail.com> - 4.2.1-1
- 4.2.1
* Fri Oct 27 2023 Gwyn Ciesla <gwync(a)protonmail.com> - 4.2.0-1
- 4.2.0
* Wed Aug 9 2023 Gwyn Ciesla <gwync(a)protonmail.com> - 4.1.0-1
- 4.1.0
* Sat Jul 22 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.0.2-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Sun Mar 5 2023 Gwyn Ciesla <gwync(a)protonmail.com> - 4.0.2-2
- migrated to SPDX license
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2272102 - upx-4.2.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2272102
[ 2 ] Bug #2272827 - CVE-2024-3209 upx: heap-based buffer overflow via get_ne64()
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2272827
--------------------------------------------------------------------------------
================================================================================
wordpress-6.5-1.el9 (FEDORA-EPEL-2024-400cac709c)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
Upstream announcement: WordPress 6.5 ���Regina���
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 3 2024 Remi Collet <remi(a)remirepo.net> - 6.5-1
- WordPress 6.5 ���Regina���
--------------------------------------------------------------------------------