The following Fedora EPEL 8 Security updates need testing: Age URL 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-1563c1eaf3 chromium-78.0.3904.97-1.el8 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d9bc350179 mingw-libidn2-2.3.0-1.el8 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-288e46f2d9 jhead-3.04-1.el8 The following builds have been pushed to Fedora EPEL 8 updates-testing clamav-0.101.5-1.el8 pspg-2.6.0-1.el8 Details about builds: ================================================================================ clamav-0.101.5-1.el8 (FEDORA-EPEL-2019-52445f11c2) End-user tools for the Clam Antivirus scanner -------------------------------------------------------------------------------- Update Information: - Drop clamd@scan.service file (bz#1725810) ClamAV 0.101.5 is a security patch release that addresses the following issues. - CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation. - Added the zip scanning improvements found in v0.102.0 where it scans files using zip records from a sorted catalogue which provides deduplication of file records resulting in faster extraction and scan time and reducing the likelihood of alerting on non-malicious duplicate file entries as overlapping files. - Signature load time is significantly reduced by changing to a more efficient algorithm for loading signature patterns and allocating the AC trie. Patch courtesy of Alberto Wu. - Introduced a new configure option to statically link libjson-c with libclamav. Static linking with libjson is highly recommended to prevent crashes in applications that use libclamav alongside another JSON parsing library. - Null-dereference fix in email parser when using the --gen-json metadata option. ---- Add TimeoutStartSec=420 to clamd@.service to match upstream -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 23 2019 Orion Poplawski <orion@xxxxxxxx> - 0.101.5-1 - Update to 0.101.5 (CVE-2019-15961) (bz#1775550) * Mon Nov 18 2019 Orion Poplawski <orion@xxxxxxxx> - 0.101.4-3 - Drop clamd@scan.service file (bz#1725810) - Change /var/run to /run * Mon Nov 18 2019 Orion Poplawski <orion@xxxxxxxx> - 0.101.4-2 - Add TimeoutStartSec=420 to clamd@.service to match upstream (bz#1764835) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1631525 - clamav: clamscan --get-json does not output JSON https://bugzilla.redhat.com/show_bug.cgi?id=1631525 [ 2 ] Bug #1775550 - Request to build clamav 0.101.5 for EPEL 7 https://bugzilla.redhat.com/show_bug.cgi?id=1775550 [ 3 ] Bug #1725810 - /usr/lib/systemd/system/clamd@scan.service:1: .include directives are deprecated https://bugzilla.redhat.com/show_bug.cgi?id=1725810 [ 4 ] Bug #1764835 - clamd at 100% CPU and SystemD keeps restarting clamd https://bugzilla.redhat.com/show_bug.cgi?id=1764835 -------------------------------------------------------------------------------- ================================================================================ pspg-2.6.0-1.el8 (FEDORA-EPEL-2019-72ef432359) A unix pager optimized for psql -------------------------------------------------------------------------------- Update Information: new upstream release, per release notes: https://github.com/okbob/pspg/releases/tag/2.6.0 ---- new upstream release -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 24 2019 Pavel Raiskup <praiskup@xxxxxxxxxx> - 2.6.0-1 - new upstream release, per release notes: https://github.com/okbob/pspg/releases/tag/2.6.0 * Tue Nov 19 2019 Pavel Raiskup <praiskup@xxxxxxxxxx> - 2.5.5-1 - new upstream release, per release notes: https://github.com/okbob/pspg/releases/tag/2.5.3 https://github.com/okbob/pspg/releases/tag/2.5.4 https://github.com/okbob/pspg/releases/tag/2.5.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1775977 - pspg-2.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1775977 [ 2 ] Bug #1768349 - pspg-2.5.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1768349 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
