The following Fedora EPEL 8 Security updates need testing:
Age URL
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-c11b187333
phoronix-test-suite-10.8.1-1.el8
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-ff9adfa937
rlwrap-0.45.2-1.el8
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-bd70e1ba58
kate-21.12.2-1.el8
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-ae246e412f
suricata-5.0.8-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
imapsync-2.140-2.el8
liblxi-1.16-1.el8
python-rencode-1.0.6-17.el8
retrace-server-1.24.1-1.el8
rpki-client-7.6-1.el8
uglify-js3-3.15.1-1.el8
Details about builds:
================================================================================
imapsync-2.140-2.el8 (FEDORA-EPEL-2022-ee40c68dbd)
Tool to migrate email between IMAP servers
--------------------------------------------------------------------------------
Update Information:
* Update to 2.140 * Fix missing documentation * Fix missing dependency on
procps-ng
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 7 2022 Nick Bebout <nb(a)fedoraproject.org> - 2.140-2
- Add dependency on procps-ng
* Mon Feb 7 2022 Nick Bebout <nb(a)fedoraproject.org> - 2.140-1
- Update to 2.140
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.977-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.977-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1769388 - imapsync missing documentation and broken symlinks
https://bugzilla.redhat.com/show_bug.cgi?id=1769388
[ 2 ] Bug #1963674 - imapsync misses dependency to ps
https://bugzilla.redhat.com/show_bug.cgi?id=1963674
[ 3 ] Bug #1990122 - imapsync-2.140 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1990122
--------------------------------------------------------------------------------
================================================================================
liblxi-1.16-1.el8 (FEDORA-EPEL-2022-55bab0bd00)
Library with simple API for communication with LXI devices
--------------------------------------------------------------------------------
Update Information:
# liblxi v1.16 - Fix handling of send errors for TCP/RAW connections
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 3 2022 Robert Scheck <robert(a)fedoraproject.org> 1.16-1
- Upgrade to 1.16 (#2050367)
* Sun Jan 23 2022 Robert Scheck <robert(a)fedoraproject.org> 1.15-1
- Upgrade to 1.15 (#2043963)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2050367 - liblxi-1.16 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2050367
--------------------------------------------------------------------------------
================================================================================
python-rencode-1.0.6-17.el8 (FEDORA-EPEL-2022-e04f53ab00)
Web safe object pickling/unpickling
--------------------------------------------------------------------------------
Update Information:
add upstream commits with CVE-2021-40839 fix , which is the same bug issue of
"3-byte packet DoS"
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 25 2022 S��rgio Basto <sergio(a)serjux.com> - 1.0.6-17
- Fix CVE-2021-40839
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.6-16
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.6-15
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 4 2021 Python Maint <python-maint(a)redhat.com> - 1.0.6-14
- Rebuilt for Python 3.10
* Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.6-13
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Oct 5 2020 Orion Poplawski <orion(a)nwra.com> - 1.0.6-12
- Add BR python3-setuptools
* Wed Jul 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.6-11
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2003754 - python-rencode: rencode 3-byte packet DoS [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2003754
[ 2 ] Bug #2004110 - CVE-2021-40839 python-rencode: an infinite loop in typecode
decoding allowing a remote DoS [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2004110
--------------------------------------------------------------------------------
================================================================================
retrace-server-1.24.1-1.el8 (FEDORA-EPEL-2022-9f84c5d875)
Application for remote coredump analysis
--------------------------------------------------------------------------------
Update Information:
New upstream release 1.24.1
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 7 2022 Packit Service <user-cont-team+packit-service(a)redhat.com> -
1.24.1-1
- Release version 1.24.1-1 (Mat��j Grabovsk��)
- retrace-server-interact: Fix traceback for non-existent gid (Dave Wysochanski)
- Revert "Bump Meson dependency to 0.59.0" (Mat��j Grabovsk��)
- coverage: Set Git root directory (Mat��j Grabovsk��)
- Bump Meson dependency to 0.59.0 (Mat��j Grabovsk��)
- meson: Copy spec file to build directory (Mat��j Grabovsk��)
- bugzilla-query: Shorten lines that exceed 79 columns per PEP-0008 (Dave Wysochanski)
- bugzilla-query: Use 'limit' and search only recently modified bugs (Dave
Wysochanski)
- manager: Add existence and permissions check of custom_url to avoid failed tasks (Dave
Wysochanski)
- Replace TASK_RETRACE with TASK_COREDUMP and start_retrace with start_coredump (Dave
Wysochanski)
- Fix typos (Michal Fabik)
- Update translations (Mat��j Grabovsk��)
- readme: Add Codecov badge (Mat��j Grabovsk��)
- test: Add test cases for human_readable_size() (Mat��j Grabovsk��)
- util: Print 1024 bytes as 1.00 kB (Mat��j Grabovsk��)
- Calculate and upload code coverage to Codecov (Mat��j Grabovsk��)
- retrace-server-task: Improve verbose error message when 'create' fails (Dave
Wysochanski)
- retrace: Handle vmware .vmsn kernel version detection with heuristic (Dave Wysochanski)
- manager: Disallow NULL string in custom core location on manager page (Dave
Wysochanski)
- man: Cleanup retrace-server-worker man page (Dave Wysochanski)
- retrace-server-task: Fix Traceback with no arguments (Dave Wysochanski)
- test: Fix for Python < 3.8 (Mat��j Grabovsk��)
- Update dependencies (Mat��j Grabovsk��)
- podman: Unify string quotes (Mat��j Grabovsk��)
- test: Expand Podman backend tests (Mat��j Grabovsk��)
- test: Remove old test, create new one (Mat��j Grabovsk��)
- c2p: Improve Pythonic code style (Mat��j Grabovsk��)
- retrace: Escape regex strings properly (Mat��j Grabovsk��)
- create: Be more explicit in calculations (Mat��j Grabovsk��)
- r-s-reposync-faf: Remove obsolete Pylint directive (Mat��j Grabovsk��)
- podman: Pass `check` explicitly to `run()` (Mat��j Grabovsk��)
- Add type annotations where appropriate (Mat��j Grabovsk��)
- retrace,util: Improve code style (Mat��j Grabovsk��)
- config: Iterate dictionary directly (Mat��j Grabovsk��)
- config: Rename variables for conformity (Mat��j Grabovsk��)
- plugin: Rename variables for conformity (Mat��j Grabovsk��)
- pylintrc: Do not warn about missing docstrings (Mat��j Grabovsk��)
- Fix bare `except` occurrences (Mat��j Grabovsk��)
- readme: Add badge for build status (Mat��j Grabovsk��)
--------------------------------------------------------------------------------
================================================================================
rpki-client-7.6-1.el8 (FEDORA-EPEL-2022-10c31306b2)
RPKI validator to support BGP Origin Validation
--------------------------------------------------------------------------------
Update Information:
# rpki-client 7.6 - Enforce the correct namespace of rrdp files. - Fail
certificate verification if a certificate contains unknown critical extensions.
- Improve cleanup of rrdp directory contents. - Introduce a validated cache
which holds all the files that have successfully been verified by `rpki-client`.
- Add a new option `-f <file>` to validate a signed object in a file against the
RPKI cache.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 7 2022 Robert Scheck <robert(a)fedoraproject.org> 7.6-1
- Upgrade to 7.6 (#2051736)
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.5-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2051736 - rpki-client-7.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2051736
--------------------------------------------------------------------------------
================================================================================
uglify-js3-3.15.1-1.el8 (FEDORA-EPEL-2022-5e35234faf)
JavaScript parser, mangler/compressor and beautifier toolkit
--------------------------------------------------------------------------------
Update Information:
Uglify-JS 3.15.1
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 7 2022 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 3.15.1-1
- Update to 3.15.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2051343 - uglify-js-3.15.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2051343
--------------------------------------------------------------------------------