The following Fedora EPEL 7 Security updates need testing: Age URL 28 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-4a9fc09599 openjpeg2-2.3.1-10.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-143227c7ed sympa-6.2.60-1.el7 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-5843fdc72c adplug-2.3.3-1.el7 audacious-plugins-4.0.5-3.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-6bfa86551f coturn-4.5.2-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing blitz-1.0.1-5.el7 chromium-87.0.4280.141-1.el7 liferea-1.13.5-1.el7 python-junit_xml-1.7-2.el7 qpid-proton-0.33.0-1.el7 Details about builds: ================================================================================ blitz-1.0.1-5.el7 (FEDORA-EPEL-2021-77e387a201) C++ class library for matrix scientific computing -------------------------------------------------------------------------------- Update Information: Blitz is a C++ matrix library -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1140772 - Please build an EPEL7 build of blitz https://bugzilla.redhat.com/show_bug.cgi?id=1140772 -------------------------------------------------------------------------------- ================================================================================ chromium-87.0.4280.141-1.el7 (FEDORA-EPEL-2021-d851c69e59) A WebKit (Blink) powered web browser -------------------------------------------------------------------------------- Update Information: Update Chromium to 87.0.4280.141. Fixes: CVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111 CVE-2021-21112 CVE-2021-21113 CVE-2020-16043 CVE-2021-21114 CVE-2020-15995 CVE-2021-21115 CVE-2021-21116 -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 13 2021 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 87.0.4280.141-1 - update to 87.0.4280.141 * Wed Dec 30 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 87.0.4280.88-2 - rebuild against new gcc (rawhide) * Thu Dec 17 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 87.0.4280.88-1.1 - add two patches for missing headers to build with gcc 11 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1913624 - CVE-2021-21106 chromium-browser: Use after free in autofill https://bugzilla.redhat.com/show_bug.cgi?id=1913624 [ 2 ] Bug #1913625 - CVE-2021-21107 chromium-browser: Use after free in drag and drop https://bugzilla.redhat.com/show_bug.cgi?id=1913625 [ 3 ] Bug #1913626 - CVE-2021-21108 chromium-browser: Use after free in media https://bugzilla.redhat.com/show_bug.cgi?id=1913626 [ 4 ] Bug #1913627 - CVE-2021-21109 chromium-browser: Use after free in payments https://bugzilla.redhat.com/show_bug.cgi?id=1913627 [ 5 ] Bug #1913629 - CVE-2021-21110 chromium-browser: Use after free in safe browsing https://bugzilla.redhat.com/show_bug.cgi?id=1913629 [ 6 ] Bug #1913630 - CVE-2021-21111 chromium-browser: Insufficient policy enforcement in WebUI https://bugzilla.redhat.com/show_bug.cgi?id=1913630 [ 7 ] Bug #1913631 - CVE-2021-21112 chromium-browser: Use after free in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1913631 [ 8 ] Bug #1913632 - CVE-2021-21113 chromium-browser: Heap buffer overflow in Skia https://bugzilla.redhat.com/show_bug.cgi?id=1913632 [ 9 ] Bug #1913633 - CVE-2020-16043 chromium-browser: Insufficient data validation in networking https://bugzilla.redhat.com/show_bug.cgi?id=1913633 [ 10 ] Bug #1913634 - CVE-2021-21114 chromium-browser: Use after free in audio https://bugzilla.redhat.com/show_bug.cgi?id=1913634 [ 11 ] Bug #1913635 - CVE-2020-15995 chromium-browser: Out of bounds write in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1913635 [ 12 ] Bug #1913636 - CVE-2021-21115 chromium-browser: Use after free in safe browsing https://bugzilla.redhat.com/show_bug.cgi?id=1913636 [ 13 ] Bug #1913637 - CVE-2021-21116 chromium-browser: Heap buffer overflow in audio https://bugzilla.redhat.com/show_bug.cgi?id=1913637 -------------------------------------------------------------------------------- ================================================================================ liferea-1.13.5-1.el7 (FEDORA-EPEL-2021-9d5b0573f0) An RSS/RDF feed reader -------------------------------------------------------------------------------- Update Information: new version -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 12 2021 josef radinger <cheese@xxxxxxxxxxxxxx> - 1:1.13.5-1 - bump version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1786583 - liferea switched ui language partly from german to english https://bugzilla.redhat.com/show_bug.cgi?id=1786583 -------------------------------------------------------------------------------- ================================================================================ python-junit_xml-1.7-2.el7 (FEDORA-EPEL-2021-4e73834f3e) Python module for creating JUnit XML test result documents -------------------------------------------------------------------------------- Update Information: Add missing python2-six/python36-six dependency; various packaging improvements -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 14 2021 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 1.7-2 - Drop EL6 support - Drop unnecessary macros - Do not conditionalize Python 3 build - Update summary and description from upstream - Use %python3_pkgversion where appropriate - Add missing BR on setuptools - Add missing runtime requirement for python*-six -------------------------------------------------------------------------------- ================================================================================ qpid-proton-0.33.0-1.el7 (FEDORA-EPEL-2021-3b1aa447f7) A high performance, lightweight messaging library -------------------------------------------------------------------------------- Update Information: Rebased to 0.33.0. -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 14 2021 Irina Boverman <iboverma@xxxxxxxxxx> - 0.33.0-1 - Rebased to 0.33.0 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
