Fedora EPEL 7 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The following Fedora EPEL 7 Security updates need testing:
 Age  URL
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad   pngcheck-2.4.0-2.el7
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-d69636a383   tor-0.3.5.12-1.el7
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-0fe15b3c39   rpki-client-6.8p1-1.el7
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-62ef58ec56   openssl11-1.1.1g-1.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-46fc6c7982   seamonkey-2.53.5-2.el7


The following builds have been pushed to Fedora EPEL 7 updates-testing

    chromium-86.0.4240.198-1.el7
    python-ldap3-2.8.1-2.el7

Details about builds:


================================================================================
 chromium-86.0.4240.198-1.el7 (FEDORA-EPEL-2020-3097b2d5db)
 A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:

Update to 86.0.4240.198. Fixes the following security issues:  CVE-2020-16013
CVE-2020-16016 CVE-2020-16017  ----  Update to 86.0.4240.183.   Fixes the
following security issues: CVE-2020-16004 CVE-2020-16005 CVE-2020-16006
CVE-2020-16008 CVE-2020-16009  Also disables the very verbose output going to
stdout.  ----  Update to Chromium 86. A few big things here:  1. Upstream has
made hardware accelerated video support (VAAPI) for Linux possible without
patches. One key difference is that the patchset used previously in Fedora
enabled it by default and upstream's approach disables it by default. To enable
Hardware accelerated video in chromium, open this link in chromium:
chrome://flags/#enable-accelerated-video-decode  Be sure it is turned on. Note
that not all GPUs are supported.  2. All the security fixes you expect with a
major release:  CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970
CVE-2020-15971 CVE-2020-15972 CVE-2020-15990  CVE-2020-15991 CVE-2020-15973
CVE-2020-15974 CVE-2020-15975 CVE-2020-15976 CVE-2020-6557  CVE-2020-15977
CVE-2020-15978 CVE-2020-15979 CVE-2020-15980 CVE-2020-15981 CVE-2020-15982
CVE-2020-15983 CVE-2020-15984  CVE-2020-15985 CVE-2020-15986 CVE-2020-15987
CVE-2020-15992 CVE-2020-15988 CVE-2020-15989 CVE-2020-16000  CVE-2020-16001
CVE-2020-16002 CVE-2020-16003  3. The EPEL-7 build no longer requires minizip,
because Red Hat removed that package in RHEL 7.9.  4. Without bats acting as
pollinators, agave and cacao plants would struggle. That means that bats are
responsible for tequila and chocolate.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 12 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 86.0.4240.198-1
- update to 86.0.4240.198
* Tue Nov 10 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 86.0.4240.193-1
- update to 86.0.4240.193
* Wed Nov  4 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 86.0.4240.183-1
- update to 86.0.4240.183
* Mon Nov  2 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 86.0.4240.111-2
- fix conditional typo that was causing console logging to be turned on
* Wed Oct 21 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 86.0.4240.111-1
- update to 86.0.4240.111
* Tue Oct 20 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 86.0.4240.75-2
- use bundled zlib/minizip on el7 (thanks Red Hat. :P)
* Wed Oct 14 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 86.0.4240.75-1
- update to 86.0.4240.75
* Mon Sep 28 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 85.0.4183.121-2
- rebuild for libevent
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1885883 - CVE-2020-15967 chromium-browser: Use after free in payments
        https://bugzilla.redhat.com/show_bug.cgi?id=1885883
  [ 2 ] Bug #1885884 - CVE-2020-15968 chromium-browser: Use after free in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1885884
  [ 3 ] Bug #1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC
        https://bugzilla.redhat.com/show_bug.cgi?id=1885885
  [ 4 ] Bug #1885886 - CVE-2020-15970 chromium-browser: Use after free in NFC
        https://bugzilla.redhat.com/show_bug.cgi?id=1885886
  [ 5 ] Bug #1885887 - CVE-2020-15971 chromium-browser: Use after free in printing
        https://bugzilla.redhat.com/show_bug.cgi?id=1885887
  [ 6 ] Bug #1885888 - CVE-2020-15972 chromium-browser: Use after free in audio
        https://bugzilla.redhat.com/show_bug.cgi?id=1885888
  [ 7 ] Bug #1885889 - CVE-2020-15990 chromium-browser: Use after free in autofill
        https://bugzilla.redhat.com/show_bug.cgi?id=1885889
  [ 8 ] Bug #1885890 - CVE-2020-15991 chromium-browser: Use after free in password manager
        https://bugzilla.redhat.com/show_bug.cgi?id=1885890
  [ 9 ] Bug #1885891 - CVE-2020-15973 chromium-browser: Insufficient policy enforcement in extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=1885891
  [ 10 ] Bug #1885892 - CVE-2020-15974 chromium-browser: Integer overflow in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1885892
  [ 11 ] Bug #1885893 - CVE-2020-15975 chromium-browser: Integer overflow in SwiftShader
        https://bugzilla.redhat.com/show_bug.cgi?id=1885893
  [ 12 ] Bug #1885894 - CVE-2020-15976 chromium-browser: Use after free in WebXR
        https://bugzilla.redhat.com/show_bug.cgi?id=1885894
  [ 13 ] Bug #1885896 - CVE-2020-6557 chromium-browser: Inappropriate implementation in networking
        https://bugzilla.redhat.com/show_bug.cgi?id=1885896
  [ 14 ] Bug #1885897 - CVE-2020-15977 chromium-browser: Insufficient data validation in dialogs
        https://bugzilla.redhat.com/show_bug.cgi?id=1885897
  [ 15 ] Bug #1885899 - CVE-2020-15978 chromium-browser: Insufficient data validation in navigation
        https://bugzilla.redhat.com/show_bug.cgi?id=1885899
  [ 16 ] Bug #1885901 - CVE-2020-15979 chromium-browser: Inappropriate implementation in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1885901
  [ 17 ] Bug #1885902 - CVE-2020-15980 chromium-browser: Insufficient policy enforcement in Intents
        https://bugzilla.redhat.com/show_bug.cgi?id=1885902
  [ 18 ] Bug #1885903 - CVE-2020-15981 chromium-browser: Out of bounds read in audio
        https://bugzilla.redhat.com/show_bug.cgi?id=1885903
  [ 19 ] Bug #1885904 - CVE-2020-15982 chromium-browser: Side-channel information leakage in cache
        https://bugzilla.redhat.com/show_bug.cgi?id=1885904
  [ 20 ] Bug #1885905 - CVE-2020-15983 chromium-browser: Insufficient data validation in webUI
        https://bugzilla.redhat.com/show_bug.cgi?id=1885905
  [ 21 ] Bug #1885906 - CVE-2020-15984 chromium-browser: Insufficient policy enforcement in Omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1885906
  [ 22 ] Bug #1885907 - CVE-2020-15985 chromium-browser: Inappropriate implementation in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1885907
  [ 23 ] Bug #1885908 - CVE-2020-15986 chromium-browser: Integer overflow in media
        https://bugzilla.redhat.com/show_bug.cgi?id=1885908
  [ 24 ] Bug #1885909 - CVE-2020-15987 chromium-browser: Use after free in WebRTC
        https://bugzilla.redhat.com/show_bug.cgi?id=1885909
  [ 25 ] Bug #1885910 - CVE-2020-15992 chromium-browser: Insufficient policy enforcement in networking
        https://bugzilla.redhat.com/show_bug.cgi?id=1885910
  [ 26 ] Bug #1885911 - CVE-2020-15988 chromium-browser: Insufficient policy enforcement in downloads
        https://bugzilla.redhat.com/show_bug.cgi?id=1885911
  [ 27 ] Bug #1885912 - CVE-2020-15989 chromium-browser: Uninitialized use in PDFium
        https://bugzilla.redhat.com/show_bug.cgi?id=1885912
  [ 28 ] Bug #1890266 - CVE-2020-16000 chromium-browser: Inappropriate implementation in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1890266
  [ 29 ] Bug #1890267 - CVE-2020-16001 chromium-browser: Use after free in media
        https://bugzilla.redhat.com/show_bug.cgi?id=1890267
  [ 30 ] Bug #1890268 - CVE-2020-16002 chromium-browser: Use after free in PDFium
        https://bugzilla.redhat.com/show_bug.cgi?id=1890268
  [ 31 ] Bug #1890269 - CVE-2020-16003 chromium-browser: Use after free in printing
        https://bugzilla.redhat.com/show_bug.cgi?id=1890269
  [ 32 ] Bug #1894197 - CVE-2020-16004 chromium-browser: Use after free in user interface
        https://bugzilla.redhat.com/show_bug.cgi?id=1894197
  [ 33 ] Bug #1894198 - CVE-2020-16005 chromium-browser: Insufficient policy enforcement in ANGLE
        https://bugzilla.redhat.com/show_bug.cgi?id=1894198
  [ 34 ] Bug #1894199 - CVE-2020-16006 chromium-browser: Inappropriate implementation in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1894199
  [ 35 ] Bug #1894201 - CVE-2020-16008 chromium-browser: Stack buffer overflow in WebRTC
        https://bugzilla.redhat.com/show_bug.cgi?id=1894201
  [ 36 ] Bug #1894202 - CVE-2020-16009 chromium-browser: Inappropriate implementation in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1894202
  [ 37 ] Bug #1896641 - CVE-2020-16016 chromium-browser: Inappropriate implementation in base
        https://bugzilla.redhat.com/show_bug.cgi?id=1896641
  [ 38 ] Bug #1897206 - CVE-2020-16013 chromium-browser: Inappropriate implementation in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1897206
  [ 39 ] Bug #1897207 - CVE-2020-16017 chromium-browser: Use after free in site isolation
        https://bugzilla.redhat.com/show_bug.cgi?id=1897207
--------------------------------------------------------------------------------


================================================================================
 python-ldap3-2.8.1-2.el7 (FEDORA-EPEL-2020-0217e30a40)
 Strictly RFC 4511 conforming LDAP V3 pure Python client
--------------------------------------------------------------------------------
Update Information:

Use available pyasn1 version for epel7
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 16 2020 Avram Lubkin <aviso@xxxxxxxxxxxxxx> - 2.8.1-2
- Use available pyasn1 version for epel7
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1896892 - python2-ldap3--2.8.1-1.el7 doesn't work due to pyasn1 version in rhel7
        https://bugzilla.redhat.com/show_bug.cgi?id=1896892
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Announce]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Linux Apps]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux