The following Fedora EPEL 8 Security updates need testing: Age URL 13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-83cd17b92f nrpe-4.0.2-2.el8 11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-8fcf741d7f cacti-1.2.11-1.el8 cacti-spine-1.2.11-1.el8 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-dfc01a6be3 chromium-81.0.4044.113-1.el8 The following builds have been pushed to Fedora EPEL 8 updates-testing ansible-2.9.7-1.el8 colordiff-1.0.19-1.el8 darktable-3.0.2-1.el8 libwebsockets-4.0.1-2.el8 mosquitto-1.6.9-2.el8 oval-graph-1.1.1-1.el8 pylibacl-0.5.4-3.el8 python-dominate-2.5.1-1.el8 python-scramp-1.1.1-1.el8 python-winsspi-0.0.9-1.el8 terminator-1.92-1.el8 testcloud-0.3.2-1.el8 votca-csg-1.6-1.el8 votca-tools-1.6-1.el8 votca-xtp-1.6-1.el8 Details about builds: ================================================================================ ansible-2.9.7-1.el8 (FEDORA-EPEL-2020-5af12f8767) SSH-based configuration management, deployment, and task execution system -------------------------------------------------------------------------------- Update Information: Update to bugfix and security update 2.9.7. See https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst for detailed changes. ---- Update to upstream 2.9.6 and fix for 2 CVES: CVE-2020-1737, CVE-2020-1739 -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 18 2020 Kevin Fenzi <kevin@xxxxxxxxx> - 2.9.7-1 - Update to 2.9.7. - fixes CVE-2020-1733 CVE-2020-1735 CVE-2020-1740 CVE-2020-1746 CVE-2020-1753 CVE-2020-10684 CVE-2020-10685 CVE-2020-10691 - Drop the -s from the shebang to allow ansible to use locally installed modules. * Fri Mar 6 2020 Kevin Fenzi <kevin@xxxxxxxxx> - 2.9.6-1 - Update to 2.9.6. Fixes bug #1810373 - fixes for CVE-2020-1737, CVE-2020-1739 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1805319 - CVE-2020-1740 ansible: secrets readable after ansible-vault edit [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1805319 [ 2 ] Bug #1805322 - CVE-2020-1739 ansible: svn module leaks password when specified as a parameter [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1805322 [ 3 ] Bug #1805326 - CVE-2020-1738 ansible: module package can be selected by the ansible facts [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1805326 [ 4 ] Bug #1805329 - CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not check extracted path [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1805329 [ 5 ] Bug #1805332 - CVE-2020-1736 ansible: atomic_move primitive sets permissive permissions [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1805332 [ 6 ] Bug #1805336 - CVE-2020-1735 ansible: path injection on dest parameter in fetch module [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1805336 [ 7 ] Bug #1805339 - CVE-2020-1734 ansible: shell enabled by default in a pipe lookup plugin subprocess [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1805339 [ 8 ] Bug #1805342 - CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1805342 [ 9 ] Bug #1808472 - CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and ldap_entry modules [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1808472 [ 10 ] Bug #1810373 - ansible-2.9.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1810373 [ 11 ] Bug #1811933 - CVE-2020-1753 ansible: kubectl connection plugin leaks sensitive information [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1811933 [ 12 ] Bug #1816311 - CVE-2020-10684 ansible: code injection when using ansible_facts as a subkey [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1816311 [ 13 ] Bug #1816312 - CVE-2020-10685 ansible: modules which use files encrypted with vault are not properly cleaned up [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1816312 [ 14 ] Bug #1817979 - CVE-2020-10691 ansible: archive traversal vulnerability in ansible-galaxy collection install [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1817979 [ 15 ] Bug #1825070 - ansible-2.9.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1825070 -------------------------------------------------------------------------------- ================================================================================ colordiff-1.0.19-1.el8 (FEDORA-EPEL-2020-c099c5066b) Color terminal highlighter for diff files -------------------------------------------------------------------------------- Update Information: Update to 1.0.19. Changes in this version: * Add `difffile` color option, allowing more git-like coloring (separate color for header of each changed file) * Provide support for 24-bit colour strings -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 19 2020 Richard Fearn <richardfearn@xxxxxxxxx> - 1.0.19-1 - Update to 1.0.19 * Tue Jan 28 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.18-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ darktable-3.0.2-1.el8 (FEDORA-EPEL-2020-96d9d5c5bc) Utility to organize and develop raw images -------------------------------------------------------------------------------- Update Information: 3.0.2 release -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 18 2020 Germano Massullo <germano.massullo@xxxxxxxxx> - 3.0.2-1 - 3.0.2 release - Removed 4447-legacy_params.patch -------------------------------------------------------------------------------- ================================================================================ libwebsockets-4.0.1-2.el8 (FEDORA-EPEL-2020-61ef29a530) A lightweight C library for Websockets -------------------------------------------------------------------------------- Update Information: This is the libwebsockets C library for lightweight websocket clients and servers. -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- ================================================================================ mosquitto-1.6.9-2.el8 (FEDORA-EPEL-2020-1f0e0e9d03) An Open Source MQTT v3.1/v3.1.1 Broker -------------------------------------------------------------------------------- Update Information: Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power sensors or mobile devices such as phones, embedded computers or micro-controllers like the Arduino. -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- ================================================================================ oval-graph-1.1.1-1.el8 (FEDORA-EPEL-2020-1860fb4343) Tool for visualization of SCAP rule evaluation results -------------------------------------------------------------------------------- Update Information: release 1.1.1 ---- Fixes the required dependency ---- release 1.1.0 -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 17 2020 Jan Rodak <jrodak@xxxxxxxxxx> - 1.1.1-1 - release 1.1.1 * Fri Apr 17 2020 Jan Rodak <jrodak@xxxxxxxxxx> - 1.1.0-2 - Fixes the required dependency * Wed Apr 15 2020 Jan Rodak <jrodak@xxxxxxxxxx> - 1.1.0-1 - release 1.1.0 -------------------------------------------------------------------------------- ================================================================================ pylibacl-0.5.4-3.el8 (FEDORA-EPEL-2020-1fa883bc10) POSIX.1e ACLs library wrapper for Python -------------------------------------------------------------------------------- Update Information: Release for EPEL-8 with Python2 and Python3 versions -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- ================================================================================ python-dominate-2.5.1-1.el8 (FEDORA-EPEL-2020-6f66312795) Python library for HTML documents -------------------------------------------------------------------------------- Update Information: Update to latest upstream release 2.5.1 (rhbz#1697397) -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- ================================================================================ python-scramp-1.1.1-1.el8 (FEDORA-EPEL-2020-405e72da3e) An implementation of the SCRAM protocol -------------------------------------------------------------------------------- Update Information: Update to latest upstream release 1.1.1 -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 29 2020 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 1.1.1-1 - Update to latest upstream release 1.1.1 -------------------------------------------------------------------------------- ================================================================================ python-winsspi-0.0.9-1.el8 (FEDORA-EPEL-2020-4c72fff7d9) Windows SSPI library in Python -------------------------------------------------------------------------------- Update Information: Update to latest upstream release 0.0.9 (rhbz#1821092) -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 8 2020 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 0.0.9-1 - Update to latest upstream release 0.0.9 (rhbz#1821092) * Mon Apr 6 2020 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 0.0.8-1 - Update to latest upstream release 0.0.8 (rhbz#1821092) * Mon Mar 30 2020 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 0.0.7-1 - Use LICENSE file shipped in source tarball - Update to latest upstream release 0.0.7 (rhbz#1814977) * Fri Mar 27 2020 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 0.0.5-1 - Update to latest upstream release 0.0.5 (rhbz#1814977) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1821092 - python-winsspi-0.0.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1821092 -------------------------------------------------------------------------------- ================================================================================ terminator-1.92-1.el8 (FEDORA-EPEL-2020-6850774286) Store and run multiple GNOME terminals in one window -------------------------------------------------------------------------------- Update Information: This update brings the new Terminator release 1.92 to RHEL8 based linux installation box near you. This is the first release of the new Terminator Team at GitHub (https://github.com/gnome-terminator/terminator). It finally supports Python 3 and fixes a lot of bugs. You can find a detailed changelog here: https://github.com/gnome-terminator/terminator/blob/master/CHANGELOG.md -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- ================================================================================ testcloud-0.3.2-1.el8 (FEDORA-EPEL-2020-ab6f9314fb) Tool for running cloud images locally -------------------------------------------------------------------------------- Update Information: - Require only libguestfs-tools-c from libguestfs - Bump default RAM size to 768 MB - Fix for libvirt >= 6.0 - Fix DeprecationWarning: invalid escape sequence \w -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 19 2020 Frantisek Zatloukal <fzatlouk@xxxxxxxxxx> - 0.3.2-1 - Require only libguestfs-tools-c from libguestfs - Bump default RAM size to 768 MB - Fix for libvirt >= 6.0 - Fix DeprecationWarning: invalid escape sequence \w -------------------------------------------------------------------------------- ================================================================================ votca-csg-1.6-1.el8 (FEDORA-EPEL-2020-a059b2b410) VOTCA coarse-graining engine -------------------------------------------------------------------------------- Update Information: Bump Votca Package to 1.6 -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 18 2020 Christoph Junghans <junghans@xxxxxxxxx> - 1.6-1 - Version bump to v1.6 (bug #1825473) * Mon Feb 10 2020 Christoph Junghans <junghans@xxxxxxxxx> - 1.6~rc2-1 - Version bump to 1.6~rc2 - Drop 473.patch - merged upstream * Fri Jan 31 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.6-0.3rc1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Thu Dec 12 2019 Christoph Junghans <junghans@xxxxxxxxx> - 1.6-0.2rc1 - Added upstream 473.patch to fix 32bit build * Thu Dec 5 2019 Christoph Junghans <junghans@xxxxxxxxx> - 1.6-0.1rc1 - Version bump to 1.6_rc1 (bug #1779848) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1825473 - votca-csg-1.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1825473 [ 2 ] Bug #1825474 - votca-tools-1.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1825474 [ 3 ] Bug #1825475 - votca-xtp-1.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1825475 -------------------------------------------------------------------------------- ================================================================================ votca-tools-1.6-1.el8 (FEDORA-EPEL-2020-a059b2b410) VOTCA tools library -------------------------------------------------------------------------------- Update Information: Bump Votca Package to 1.6 -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 18 2020 Christoph Junghans <junghans@xxxxxxxxx> - 1.6-1 - Version bump to v1.6 (bug #1825474) * Mon Feb 10 2020 Christoph Junghans <junghans@xxxxxxxxx> - 1.6~rc2-1 - Version bump to 1.6~rc2 - Drop 196.patch, 197.patch and 199.patch - merged upstream * Fri Jan 31 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.6-0.4rc1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Thu Dec 12 2019 Christoph Junghans <junghans@xxxxxxxxx> - 1.6-0.3rc1 - Added upstream 196.patch to failing table test - Added upstream 199.patch to fix 32bit builds * Thu Dec 5 2019 Christoph Junghans <junghans@xxxxxxxxx> - 1.6-0.2rc1 - Added upstream 197.patch to fix CMake files * Thu Dec 5 2019 Christoph Junghans <junghans@xxxxxxxxx> - 1.6-0.1rc1 - Version bump to 1.6_rc1 (bug #1779862) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1825473 - votca-csg-1.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1825473 [ 2 ] Bug #1825474 - votca-tools-1.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1825474 [ 3 ] Bug #1825475 - votca-xtp-1.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1825475 -------------------------------------------------------------------------------- ================================================================================ votca-xtp-1.6-1.el8 (FEDORA-EPEL-2020-a059b2b410) VOTCA excitation and charge properties module -------------------------------------------------------------------------------- Update Information: Bump Votca Package to 1.6 -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1825473 - votca-csg-1.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1825473 [ 2 ] Bug #1825474 - votca-tools-1.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1825474 [ 3 ] Bug #1825475 - votca-xtp-1.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1825475 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
