The following Fedora EPEL 7 Security updates need testing: Age URL 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-2f9004588a chromium-87.0.4280.88-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-073e4862db phpldapadmin-1.2.6.2-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing dislocker-0.7.3-1.el7 dmlite-1.14.2-3.el7 pngcheck-2.4.0-4.el7 Details about builds: ================================================================================ dislocker-0.7.3-1.el7 (FEDORA-EPEL-2020-412a78f451) Utility to access BitLocker encrypted volumes -------------------------------------------------------------------------------- Update Information: dislocker 0.7.3 =============== This version is only used to update dislocker's brew file and the BitBake recipe for OSX's and BitBake's users to be able to download v0.7.2. If you're not an OSX nor a BitBake user, you can use either v0.7.2 or v0.7.3, this won't make any difference. dislocker 0.7.2 =============== Bugfixes -------- * Fix compilation on OSX when ruby dependency is installed Feature improvement ------------------- * Reported NTFS volume size is more accurate * Add ability to decrypt from a VMK file * Add ability to read the user password from the environment variable `DISLOCKER_PASSWORD` * Add ability to read the user password from pipes * Decryption/encryption speed has been improved by disabling faulty threading -------------------------------------------------------------------------------- ChangeLog: * Sun Dec 13 2020 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 0.7.3-1 - Spec file cleanup - Upgrade to 0.7.3 (#1876804, thanks to Eshin Kunishima) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1876804 - Segmentation fault https://bugzilla.redhat.com/show_bug.cgi?id=1876804 -------------------------------------------------------------------------------- ================================================================================ dmlite-1.14.2-3.el7 (FEDORA-EPEL-2020-8400708707) Lcgdm grid data management and storage framework -------------------------------------------------------------------------------- Update Information: bugfixes LCGDM-2948, LCGDM-2949, LCGDM-2950, LCGDM-2954, LCGDM-2955, LCGDM-2957 ---- * bugfixes LCGDM-2940, LCGDM-2941, LCGDM-2945, LCGDM-2946, LCGDM-2951 * xrootd plugin library versions configuration cleanup -------------------------------------------------------------------------------- ChangeLog: * Sun Dec 13 2020 Petr Vokac <petr.vokac@xxxxxxx> - 1.14.2-3 - bugfixes LCGDM-2948, LCGDM-2949, LCGDM-2950, LCGDM-2954, LCGDM-2955, LCGDM-2957 * Sun Dec 6 2020 Petr Vokac <petr.vokac@xxxxxxx> - 1.14.2-2 - bugfixes LCGDM-2940, LCGDM-2941, LCGDM-2945, LCGDM-2946, LCGDM-2951 - xrootd plugin library versions configuration cleanup -------------------------------------------------------------------------------- ================================================================================ pngcheck-2.4.0-4.el7 (FEDORA-EPEL-2020-2380ad9dea) Verifies the integrity of PNG, JNG and MNG files -------------------------------------------------------------------------------- Update Information: Security fix for multiple buffer overflows from crafted file input (RHBZ#1902786,1902806,1902810: no CVE yet assigned), and for buffer overrun printing the contents of the sPLT chunk in certain malformed inputs (RHBZ#1905775: no tracking bug or CVE yet assigned) ---- Fix null pointer dereference in pngcheck when -f is given and the sCAL chunk is missing the pixel height (RHBZ#1902730). -------------------------------------------------------------------------------- ChangeLog: * Sun Dec 13 2020 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 2.4.0-4 - Bounds-check all accesses into enumerated-value name arrays; a malformed file could have caused a buffer overrun in several of these cases. (RHBZ#1902810) - Fix buffer overrun when print_buffer() is passed a nonpositive size, which can occur in practice for certain malformed inputs. (RHBZ#1902810) - In some cases, the chunk length from the file data (sz) is used to index into the read buffer without sufficient bounds-checking, leading to a buffer overrun. Fix this for PPLT, hIST, sCAL, FRAM, SAVE, nEED, PAST, DISC, DROP, DBYK, ORDR, and SEEK chunks. (RHBZ#1902810) - Fix buffer overrun printing the contents of the sPLT chunk in certain malformed inputs. (RHBZ#1905775) - Backport fix for off-by-one bug in check_magic() from 3.0.0 - Backport fix for zlib version warnings going to stdout from 3.0.0 * Mon Nov 30 2020 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 2.4.0-3 - Fix null pointer dereference in pngcheck when -f is given and the sCAL chunk is missing the pixel height. - Use name macro when referencing patches. - Add BR on make in anticipation of https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1902806 - pngcheck: Multiple buffer overflows from crafted file input https://bugzilla.redhat.com/show_bug.cgi?id=1902806 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
