The following Fedora EPEL 8 Security updates need testing: Age URL 35 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-1e00c3d01e cutter-re-2.2.0-1.el8 rizin-0.5.1-1.el8 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-78b54db021 rnp-0.16.3-1.el8 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-7f77917637 dr_libs-0-0.20.20230412git4b3d078.el8 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-e5c5d6dbdb suricata-6.0.11-1.el8 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9631f50abc chromium-112.0.5615.121-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
gnome-shell-extension-system-monitor-applet-38-23.20230420git21d7b4e.el8 libsignal-protocol-c-2.3.3-8.el8 remmina-1.4.30-2.el8
Details about builds:
================================================================================ gnome-shell-extension-system-monitor-applet-38-23.20230420git21d7b4e.el8 (FEDORA-EPEL-2023-0925a27b2d) A Gnome shell system monitor extension -------------------------------------------------------------------------------- Update Information:
Migrated to SPDX license -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 20 2023 Nicolas Vi��ville nicolas.vieville@uphf.fr - 1:38-23.20230420git21d7b4e - Migrated to SPDX license - Add patch for gnome-shell < 3.34 (rhel 8) - RHBZ#2184351 - Add patch for compatibility with gnome-shell 44 - RHBZ#2188339 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2184351 - Regression / Update breaks ext in RHEL8 / TypeError: GObject.registerClass() used with invalid base class https://bugzilla.redhat.com/show_bug.cgi?id=2184351 [ 2 ] Bug #2188339 - system-monitor-applet not compatible with GNOME 44 https://bugzilla.redhat.com/show_bug.cgi?id=2188339 --------------------------------------------------------------------------------
================================================================================ libsignal-protocol-c-2.3.3-8.el8 (FEDORA-EPEL-2023-4f43a624e1) Signal Protocol C library -------------------------------------------------------------------------------- Update Information:
Backport a fix for [CVE-2022-48468](https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2022-48468) for [protobuf-c](https://github.com/protobuf-c/protobuf-c), which is bundled in `libsignal-protocol-c`. https://github.com/protobuf-c/protobuf- c/commit/ec3d900001a13ccdaa8aef996b34c61159c76217 https://github.com/protobuf-c/protobuf-c/issues/499 https://github.com/protobuf-c/protobuf-c/pull/513 https://github.com/protobuf-c/protobuf-c/releases/tag/v1.4.1 -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 19 2023 Randy Barlow bowlofeggs@fedoraproject.org - 2.3.3-8 - Fix CVE-2022-48468: unsigned integer overflow (#2186673). -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2186674 - CVE-2022-48468 libsignal-protocol-c: protobuf-c: an unsigned integer overflow in parse_required_member [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2186674 [ 2 ] Bug #2186675 - CVE-2022-48468 libsignal-protocol-c: protobuf-c: an unsigned integer overflow in parse_required_member [fedora-36] https://bugzilla.redhat.com/show_bug.cgi?id=2186675 --------------------------------------------------------------------------------
================================================================================ remmina-1.4.30-2.el8 (FEDORA-EPEL-2023-d2f1b8755e) Remote Desktop Client -------------------------------------------------------------------------------- Update Information:
Add patch: 0010_remmina_fix_vnc_crash_domain_socket_c6adb35b.patch -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 20 2023 Phil Wyett philip.wyett@kathenas.org - 1.4.30-2 - Add patch: 0001_remmina_fix_vnc_crash_domain_socket.patch --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org