The following Fedora EPEL 8 Security updates need testing:

 Age  URL
  10  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-a32cbcaa37   tcpreplay-4.3.3-1.el8
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-232e4f7411   python-django-2.2.13-1.el8
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-18fb909316   znc-1.8.1-1.el8
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-3c9503ab68   libmp4v2-2.1.0-0.21.trunkREV507.el8
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-f64e687c3f   lynis-3.0.0-1.el8
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-c047cbdfd0   hostapd-2.9-4.el8
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-4d185f6e16   alpine-2.23-2.el8


The following builds have been pushed to Fedora EPEL 8 updates-testing

    chromium-83.0.4103.116-2.el8
    gnucobol-3.1-3.el8
    libconfuse-3.3-1.el8
    libxsmm-1.16-2.el8
    perl-DateTime-Set-0.3900-12.el8
    perl-Set-Infinite-0.65-29.el8
    python-catkin_pkg-0.4.22-1.el8
    python-rosinstall_generator-0.1.21-1.el8
    resalloc-3.3-1.el8
    snapd-2.45.1-1.el8
    trojan-1.16.0-4.el8

Details about builds:


================================================================================
 chromium-83.0.4103.116-2.el8 (FEDORA-EPEL-2020-6e0d8564ec)
 A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:

Update to 83.0.4103.116. Fixes CVE-2020-6509.

----

Black Lives Matter. Saying this does not mean that other lives do not matter. It should not be controversial to say this.
If I say Chromium updates matter, it does not mean that other Fedora packages do not matter, it means that a Chromium update is needed to fix this giant pile of severe security vulnerabilities, here, today, now:

CVE-2020-6463 CVE-2020-6465 CVE-2020-6466 CVE-2020-6467 CVE-2020-6468
CVE-2020-6469 CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473
CVE-2020-6474 CVE-2020-6475 CVE-2020-6476 CVE-2020-6478 CVE-2020-6479
CVE-2020-6480 CVE-2020-6481 CVE-2020-6482 CVE-2020-6483 CVE-2020-6484
CVE-2020-6485 CVE-2020-6486 CVE-2020-6487 CVE-2020-6488 CVE-2020-6489
CVE-2020-6490 CVE-2020-6491 CVE-2020-6505 CVE-2020-6506 CVE-2020-6507

In making that analogy, I do not intend to trivialize BLM. In no way do I mean to compare the lives of people to a silly web browser update. People are infinitely more important than software. But since I'm here to push this software update out, I am also choosing to say clearly and unambiguously that Black Lives Matter. Open Source proves that many voices, many contributions, together can change the world. It depends on it. This is my voice.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 23 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 83.0.4103.116-2
- do not force ozone into x11
* Tue Jun 23 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 83.0.4103.116-1
- update to 83.0.4103.116
* Thu Jun 18 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 83.0.4103.106-1
- update to 83.0.4103.106
- remove duplicate ServiceWorker fix
- add fix to work around gcc bug on aarch64
- disable python byte compiling (we do not need it)
* Tue Jun 16 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 83.0.4103.97-5
- add ServiceWorker fix
* Mon Jun 15 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 83.0.4103.97-4
- use old cups handling on epel7
- fix skia attribute overrides with gcc
* Wed Jun 10 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 83.0.4103.97-3
- fix issue on epel7 where linux/kcmp.h does not exist
* Mon Jun  8 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 83.0.4103.97-2
- more fixes from gentoo
* Sun Jun  7 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 83.0.4103.97-1
- update to 83.0.4103.97
* Tue Jun  2 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 83.0.4103.61-1
- update to 83.0.4103.61
- conditionalize and disable remoting
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1837877 - CVE-2020-6465 chromium-browser: Use after free in reader mode
        https://bugzilla.redhat.com/show_bug.cgi?id=1837877
  [ 2 ] Bug #1837878 - CVE-2020-6466 chromium-browser: Use after free in media
        https://bugzilla.redhat.com/show_bug.cgi?id=1837878
  [ 3 ] Bug #1837879 - CVE-2020-6467 chromium-browser: Use after free in WebRTC
        https://bugzilla.redhat.com/show_bug.cgi?id=1837879
  [ 4 ] Bug #1837880 - CVE-2020-6468 chromium-browser: Type Confusion in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1837880
  [ 5 ] Bug #1837882 - CVE-2020-6470 chromium-browser: Insufficient validation of untrusted input in clipboard
        https://bugzilla.redhat.com/show_bug.cgi?id=1837882
  [ 6 ] Bug #1837883 - CVE-2020-6471 chromium-browser: Insufficient policy enforcement in developer tools
        https://bugzilla.redhat.com/show_bug.cgi?id=1837883
  [ 7 ] Bug #1837884 - CVE-2020-6472 chromium-browser: Insufficient policy enforcement in developer tools
        https://bugzilla.redhat.com/show_bug.cgi?id=1837884
  [ 8 ] Bug #1837885 - CVE-2020-6473 chromium-browser: Insufficient policy enforcement in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1837885
  [ 9 ] Bug #1837886 - CVE-2020-6474 chromium-browser: Use after free in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1837886
  [ 10 ] Bug #1837887 - CVE-2020-6475 chromium-browser: Incorrect security UI in full screen
        https://bugzilla.redhat.com/show_bug.cgi?id=1837887
  [ 11 ] Bug #1837888 - CVE-2020-6477 chromium-browser: Inappropriate implementation in installer
        https://bugzilla.redhat.com/show_bug.cgi?id=1837888
  [ 12 ] Bug #1837889 - CVE-2020-6478 chromium-browser: Inappropriate implementation in full screen
        https://bugzilla.redhat.com/show_bug.cgi?id=1837889
  [ 13 ] Bug #1837890 - CVE-2020-6480 chromium-browser: Insufficient policy enforcement in enterprise
        https://bugzilla.redhat.com/show_bug.cgi?id=1837890
  [ 14 ] Bug #1837891 - CVE-2020-6481 chromium-browser: Insufficient policy enforcement in URL formatting
        https://bugzilla.redhat.com/show_bug.cgi?id=1837891
  [ 15 ] Bug #1837892 - CVE-2020-6482 chromium-browser: Insufficient policy enforcement in developer tools
        https://bugzilla.redhat.com/show_bug.cgi?id=1837892
  [ 16 ] Bug #1837893 - CVE-2020-6483 chromium-browser: Insufficient policy enforcement in payments
        https://bugzilla.redhat.com/show_bug.cgi?id=1837893
  [ 17 ] Bug #1837894 - CVE-2020-6484 chromium-browser: Insufficient data validation in ChromeDriver
        https://bugzilla.redhat.com/show_bug.cgi?id=1837894
  [ 18 ] Bug #1837896 - CVE-2020-6485 chromium-browser: Insufficient data validation in media router
        https://bugzilla.redhat.com/show_bug.cgi?id=1837896
  [ 19 ] Bug #1837897 - CVE-2020-6486 chromium-browser: Insufficient policy enforcement in navigations
        https://bugzilla.redhat.com/show_bug.cgi?id=1837897
  [ 20 ] Bug #1837898 - CVE-2020-6487 chromium-browser: Insufficient policy enforcement in downloads
        https://bugzilla.redhat.com/show_bug.cgi?id=1837898
  [ 21 ] Bug #1837899 - CVE-2020-6488 chromium-browser: Insufficient policy enforcement in downloads
        https://bugzilla.redhat.com/show_bug.cgi?id=1837899
  [ 22 ] Bug #1837900 - CVE-2020-6489 chromium-browser: Inappropriate implementation in developer tools
        https://bugzilla.redhat.com/show_bug.cgi?id=1837900
  [ 23 ] Bug #1837901 - CVE-2020-6490 chromium-browser: Insufficient data validation in loader
        https://bugzilla.redhat.com/show_bug.cgi?id=1837901
  [ 24 ] Bug #1837902 - CVE-2020-6491 chromium-browser: Incorrect security UI in site information
        https://bugzilla.redhat.com/show_bug.cgi?id=1837902
  [ 25 ] Bug #1837907 - CVE-2020-6469 chromium-browser: Insufficient policy enforcement in developer tools
        https://bugzilla.redhat.com/show_bug.cgi?id=1837907
  [ 26 ] Bug #1837912 - CVE-2020-6476 chromium-browser: Insufficient policy enforcement in tab strip
        https://bugzilla.redhat.com/show_bug.cgi?id=1837912
  [ 27 ] Bug #1837927 - CVE-2020-6479 chromium-browser: Inappropriate implementation in sharing
        https://bugzilla.redhat.com/show_bug.cgi?id=1837927
  [ 28 ] Bug #1840893 - CVE-2020-6463 chromium-browser: Use after free in ANGLE
        https://bugzilla.redhat.com/show_bug.cgi?id=1840893
  [ 29 ] Bug #1847268 - CVE-2020-6505 chromium-browser: Use after free in speech
        https://bugzilla.redhat.com/show_bug.cgi?id=1847268
  [ 30 ] Bug #1847269 - CVE-2020-6506 chromium-browser: Insufficient policy enforcement in WebView
        https://bugzilla.redhat.com/show_bug.cgi?id=1847269
  [ 31 ] Bug #1847270 - CVE-2020-6507 chromium-browser: Out of bounds write in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1847270
  [ 32 ] Bug #1849947 - CVE-2020-6509 chromium-browser: Use after free in extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=1849947
--------------------------------------------------------------------------------


================================================================================
 gnucobol-3.1-3.el8 (FEDORA-EPEL-2020-9ee16640e9)
 COBOL compiler
--------------------------------------------------------------------------------
Update Information:

Initial build.
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1823419 - Review Request: gnucobol - COBOL compiler
        https://bugzilla.redhat.com/show_bug.cgi?id=1823419
--------------------------------------------------------------------------------


================================================================================
 libconfuse-3.3-1.el8 (FEDORA-EPEL-2020-728b57bd69)
 A configuration file parser library
--------------------------------------------------------------------------------
Update Information:

3.3
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 25 2020 Gwyn Ciesla <gwync@xxxxxxxxxxxxxx> - 3.3-1
- 3.3
* Wed Jan 29 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.2.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1850898 - libconfuse-3.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1850898
--------------------------------------------------------------------------------


================================================================================
 libxsmm-1.16-2.el8 (FEDORA-EPEL-2020-182089eebc)
 Small dense or sparse matrix multiplications and convolutions for x86_64
--------------------------------------------------------------------------------
Update Information:

New version with fairly minor improvements:
https://github.com/hfp/libxsmm/releases
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 24 2020 Dave Love <loveshack@xxxxxxxxxxxxxxxxx> - 1.16-2
- Clean samples/cp2k/obj
- Maybe use devtoolset-9, not -6
* Fri Jun 19 2020 Dave Love <loveshack@xxxxxxxxxxxxxxxxx> - 1.16-1
- New version
* Sat Mar 14 2020 Dave love <loveshack@xxxxxxxxxxxxxxxxx> - 1.15-1
- New version
- Drop _legacy_common_support
- Remove installed modules file
- Fix cleanup in %check
- Define OMPLIB for backport to EL7
* Wed Feb  5 2020 Dave love <loveshack@xxxxxxxxxxxxxxxxx> - 1.14-3
- Fix FTBFS with GCC 10
* Wed Jan 29 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.14-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 perl-DateTime-Set-0.3900-12.el8 (FEDORA-EPEL-2020-1a69cd3a87)
 Datetime sets and set math
--------------------------------------------------------------------------------
Update Information:

Added new package to EPEL 8.
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1850767 - Add perl-DateTime-Set to EPEL8 / co-maintainer request
        https://bugzilla.redhat.com/show_bug.cgi?id=1850767
--------------------------------------------------------------------------------


================================================================================
 perl-Set-Infinite-0.65-29.el8 (FEDORA-EPEL-2020-1a69cd3a87)
 Sets of intervals
--------------------------------------------------------------------------------
Update Information:

Added new package to EPEL 8.
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1850767 - Add perl-DateTime-Set to EPEL8 / co-maintainer request
        https://bugzilla.redhat.com/show_bug.cgi?id=1850767
--------------------------------------------------------------------------------


================================================================================
 python-catkin_pkg-0.4.22-1.el8 (FEDORA-EPEL-2020-a21a592637)
 Library for retrieving information about catkin packages
--------------------------------------------------------------------------------
Update Information:

Update to the latest `catkin_pkg` release.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 25 2020 Scott K Logan <logans@xxxxxxxxxxx> - 0.4.22-1
- Update to 0.4.22 (rhbz#1850827)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1850827 - python-catkin_pkg-0.4.22 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1850827
--------------------------------------------------------------------------------


================================================================================
 python-rosinstall_generator-0.1.21-1.el8 (FEDORA-EPEL-2020-19b2a47519)
 Generates rosinstall files
--------------------------------------------------------------------------------
Update Information:

Update to the latest `rosinstall_generator` release.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 25 2020 Scott K Logan <logans@xxxxxxxxxxx> - 0.1.21-1
- Update to 0.1.21 (rhbz#1850826)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1850826 - python-rosinstall_generator-0.1.21 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1850826
--------------------------------------------------------------------------------


================================================================================
 resalloc-3.3-1.el8 (FEDORA-EPEL-2020-05bf544012)
 Resource allocator for expensive resources - client tooling
--------------------------------------------------------------------------------
Update Information:

new release, mostly fixing one bug causing traceback on too-long stdout output
from cmd_alloc
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 25 2020 Pavel Raiskup <praiskup@xxxxxxxxxx> - 3.3-1
- new release, mostly fixing one bug causing traceback on too-long stdout output
  from AllocWorker script
--------------------------------------------------------------------------------


================================================================================
 snapd-2.45.1-1.el8 (FEDORA-EPEL-2020-458674250d)
 A transactional software package manager
--------------------------------------------------------------------------------
Update Information:

Update to 2.45.1 for bugfixes.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun  8 2020 Maciek Borzecki <maciek.borzecki@xxxxxxxxx> - 2.45.1-1
- Release 2.45.1 to Fedora (RHBZ#1844628)
- Drop cherry-picked patches that are part of the release
* Fri Jun  5 2020 Michael Vogt <mvo@xxxxxxxxxx>
- New upstream release 2.45.1
 - data/selinux: allow checking /var/cache/app-info
 - cmd/snap-confine: add support for libc6-lse
 - interfaces: miscellaneous policy updates xlv
 - snap-bootstrap: remove sealed key file on reinstall
 - interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/
 - gadget: make ext4 filesystems with or without metadata checksum
 - interfaces/fwupd: allow bind mount to /boot on core
 - tests: cherry-pick test fixes from master
 - snap/squashfs: also symlink snap Install with uc20 seed snap dir layout
 - interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed devices
 - snap,many: mv Open to snapfile pkg to support add'l options to Container methods
 - interfaces/builtin/desktop: do not mount fonts cache on distros with quirks
 - devicestate, sysconfig: revert support for cloud.cfg.d/ in the gadget
 - data/completion, packaging: cherry-pick zsh completion
 - state: log task errors in the journal too
 - devicestate: do not report "ErrNoState" for seeded up
 - interfaces/desktop: silence more /var/lib/snapd/desktop/icons denials
 - packaging/fedora: disable FIPS compliant crypto for static binaries
 - packaging: stop depending on python-docutils
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1844628 - snapd-2.45.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1844628
--------------------------------------------------------------------------------


================================================================================
 trojan-1.16.0-4.el8 (FEDORA-EPEL-2020-d287e1297a)
 An unidentifiable mechanism that helps you avoid censorship
--------------------------------------------------------------------------------
Update Information:

Release Trojan for EPEL
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------