The following Fedora EPEL 8 Security updates need testing: Age URL 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-bd945e3b55 adplug-2.3.3-1.el8 audacious-plugins-4.0.5-3.el8 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-e976495093 coturn-4.5.2-1.el8 The following builds have been pushed to Fedora EPEL 8 updates-testing castxml-0.4.1-1.el8 chromium-87.0.4280.141-1.el8 python-aiodns-2.0.0-6.el8 Details about builds: ================================================================================ castxml-0.4.1-1.el8 (FEDORA-EPEL-2021-1e2f276b60) C-family abstract syntax tree XML output tool -------------------------------------------------------------------------------- Update Information: CastXML 0.4.1. -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 14 2021 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 0.4.1-1 - Update to version 0.4.1 * Thu Jan 14 2021 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 0.4.0-1 - Update to version 0.4.0 - Fix expected test output on 32-bit architectures (i686/armv7hl) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1915610 - castxml-0.4.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1915610 -------------------------------------------------------------------------------- ================================================================================ chromium-87.0.4280.141-1.el8 (FEDORA-EPEL-2021-47ea069c76) A WebKit (Blink) powered web browser -------------------------------------------------------------------------------- Update Information: Update Chromium to 87.0.4280.141. Fixes: CVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111 CVE-2021-21112 CVE-2021-21113 CVE-2020-16043 CVE-2021-21114 CVE-2020-15995 CVE-2021-21115 CVE-2021-21116 -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 13 2021 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 87.0.4280.141-1 - update to 87.0.4280.141 * Wed Dec 30 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 87.0.4280.88-2 - rebuild against new gcc (rawhide) * Thu Dec 17 2020 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 87.0.4280.88-1.1 - add two patches for missing headers to build with gcc 11 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1913624 - CVE-2021-21106 chromium-browser: Use after free in autofill https://bugzilla.redhat.com/show_bug.cgi?id=1913624 [ 2 ] Bug #1913625 - CVE-2021-21107 chromium-browser: Use after free in drag and drop https://bugzilla.redhat.com/show_bug.cgi?id=1913625 [ 3 ] Bug #1913626 - CVE-2021-21108 chromium-browser: Use after free in media https://bugzilla.redhat.com/show_bug.cgi?id=1913626 [ 4 ] Bug #1913627 - CVE-2021-21109 chromium-browser: Use after free in payments https://bugzilla.redhat.com/show_bug.cgi?id=1913627 [ 5 ] Bug #1913629 - CVE-2021-21110 chromium-browser: Use after free in safe browsing https://bugzilla.redhat.com/show_bug.cgi?id=1913629 [ 6 ] Bug #1913630 - CVE-2021-21111 chromium-browser: Insufficient policy enforcement in WebUI https://bugzilla.redhat.com/show_bug.cgi?id=1913630 [ 7 ] Bug #1913631 - CVE-2021-21112 chromium-browser: Use after free in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1913631 [ 8 ] Bug #1913632 - CVE-2021-21113 chromium-browser: Heap buffer overflow in Skia https://bugzilla.redhat.com/show_bug.cgi?id=1913632 [ 9 ] Bug #1913633 - CVE-2020-16043 chromium-browser: Insufficient data validation in networking https://bugzilla.redhat.com/show_bug.cgi?id=1913633 [ 10 ] Bug #1913634 - CVE-2021-21114 chromium-browser: Use after free in audio https://bugzilla.redhat.com/show_bug.cgi?id=1913634 [ 11 ] Bug #1913635 - CVE-2020-15995 chromium-browser: Out of bounds write in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1913635 [ 12 ] Bug #1913636 - CVE-2021-21115 chromium-browser: Use after free in safe browsing https://bugzilla.redhat.com/show_bug.cgi?id=1913636 [ 13 ] Bug #1913637 - CVE-2021-21116 chromium-browser: Heap buffer overflow in audio https://bugzilla.redhat.com/show_bug.cgi?id=1913637 -------------------------------------------------------------------------------- ================================================================================ python-aiodns-2.0.0-6.el8 (FEDORA-EPEL-2021-05afc2bbd3) Simple DNS resolver for asyncio -------------------------------------------------------------------------------- Update Information: Add Patch0 to fix epel8 installation package -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 13 2021 Matthieu Saulnier <fantom@xxxxxxxxxxxxxxxxx> - 2.0.0-6 - Add Patch0 to fix epel8 installation package Backport from upstream commit: 28111210 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1915746 - Package uninstallable on EL8 https://bugzilla.redhat.com/show_bug.cgi?id=1915746 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
