The following Fedora EPEL 8 Security updates need testing:
 Age  URL
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-bf8500ac5b   python-slixmpp-1.7.1-1.el8
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-08012668ea   libbsd-0.11.7-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
advancecomp-2.4-1.el8
castxml-0.4.8-1.el8
fedora-license-data-1.8-1.el8
icewm-3.2.2-2.el8
kronosnet-epel-1.24-4.1.el8
Details about builds:
================================================================================
advancecomp-2.4-1.el8 (FEDORA-EPEL-2022-da88fe53cf)
Recompression utilities for .png, .mng, .zip and .gz files
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017,
CVE-2022-35018, CVE-2022-35019, CVE-2022-35020
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 24 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> 2.4-1
- Update to 2.4 (close RHBZ#2145023)
- Security fix for CVE-2022-35014, CVE-2022-35015, CVE-2022-35016,
CVE-2022-35017, CVE-2022-35018, CVE-2022-35019, CVE-2022-35020
* Thu Nov 24 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> 2.3-5
- Identify bundled 7-Zip as “7zip” rather than “7z”
* Thu Nov 24 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> 2.3-4
- Add a comment about upstream tests
* Thu Nov 24 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> 2.3-3
- Stricter file globs
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2127376 - CVE-2022-35014 advancecomp: SEGV via invalid read address
https://bugzilla.redhat.com/show_bug.cgi?id=2127376
[ 2 ] Bug #2127378 - CVE-2022-35015 advancecomp: heap-buffer-overflow in
le_uint32_read() in lib/endianrw.h
https://bugzilla.redhat.com/show_bug.cgi?id=2127378
[ 3 ] Bug #2127380 - CVE-2022-35016 advancecomp: heap buffer overflow in data_dup() in
data.cc
https://bugzilla.redhat.com/show_bug.cgi?id=2127380
[ 4 ] Bug #2127383 - CVE-2022-35017 advancecomp: heap-buffer-overflow in
mng_delta_addition() in mng.c
https://bugzilla.redhat.com/show_bug.cgi?id=2127383
[ 5 ] Bug #2127386 - CVE-2022-35018 advancecomp: SEGV via invalid read memory access
https://bugzilla.redhat.com/show_bug.cgi?id=2127386
[ 6 ] Bug #2127389 - CVE-2022-35019 advancecomp: SEGV via invalid write memory access
https://bugzilla.redhat.com/show_bug.cgi?id=2127389
[ 7 ] Bug #2127394 - CVE-2022-35020 advancecomp: heap buffer overflow via the component
inflate()
https://bugzilla.redhat.com/show_bug.cgi?id=2127394
--------------------------------------------------------------------------------
================================================================================
castxml-0.4.8-1.el8 (FEDORA-EPEL-2022-eab213460c)
C-family abstract syntax tree XML output tool
--------------------------------------------------------------------------------
Update Information:
CastXML 0.4.8
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 23 2022 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 0.4.8-1
- Update to version 0.4.8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2145095 - castxml-0.4.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2145095
--------------------------------------------------------------------------------
================================================================================
fedora-license-data-1.8-1.el8 (FEDORA-EPEL-2022-3d9b9bb5a7)
Fedora Linux license data
--------------------------------------------------------------------------------
Update Information:
- Add Public Domain license text used in libselinux
- Make LicenseRef for GPLv2 with UPX exception more SPDX-conformant
- Add the equivalent LicenseRef-UPX and LicenseRef-GPL-2.0-or-later WITH UPX
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 24 2022 Miroslav Suchý <msuchy(a)redhat.com> 1.8-1
- Add Public Domain license text used in libselinux (plautrba(a)redhat.com)
- Make LicenseRef for GPLv2 with UPX exception more SPDX-conformant
(rfontana(a)redhat.com)
- Add the equivalent LicenseRef-UPX and LicenseRef-GPL-2.0-or-later WITH UPX
(rfontana(a)redhat.com)
--------------------------------------------------------------------------------
================================================================================
icewm-3.2.2-2.el8 (FEDORA-EPEL-2022-9343c36dd7)
Window manager designed for speed, usability, and consistency
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 17 2022 Artem Polishchuk <ego.cordatus(a)gmail.com> 3.2.2-1
- chore: Update to 3.2.2
--------------------------------------------------------------------------------
================================================================================
kronosnet-epel-1.24-4.1.el8 (FEDORA-EPEL-2022-e836710b9d)
Multipoint-to-Multipoint VPN daemon
--------------------------------------------------------------------------------
Update Information:
Merge epel8-next into epel8 now that EL8.7 has caught up with CentOS Stream
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 24 2022 Davide Cavalca <dcavalca(a)fedoraproject.org> - 1.24-4.1
- Merge epel8-next into epel8 now that EL8.7 has caught up with CentOS Stream
Resolves: rhbz#2144202
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2144202 - Problem: package libknet1-compress-bzip2-plugin-1.24-3.1.el8.x86_64
requires libknet1(x86-64) = 1.22-2.el8_6, but none of the providers can be installed
https://bugzilla.redhat.com/show_bug.cgi?id=2144202
--------------------------------------------------------------------------------