The following Fedora EPEL 7 Security updates need testing:
 Age  URL
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-0859a9d61e   x11vnc-0.9.13-12.el7
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-9fbe0750f7   privoxy-3.0.32-1.el7
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-580891d7f4   chromium-88.0.4324.182-2.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-f1e9ccd247   zabbix40-4.0.29-1.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-04cc5bcb08   nagios-4.4.6-4.el7


The following builds have been pushed to Fedora EPEL 7 updates-testing

    beakerlib-1.26-1.el7
    cabextract-1.9-7.el7
    charliecloud-0.22-2.el7
    python3-pillow-6.2.2-2.el7

Details about builds:


================================================================================
 beakerlib-1.26-1.el7 (FEDORA-EPEL-2021-420574d469)
 A shell-level integration testing library
--------------------------------------------------------------------------------
Update Information:

- fixed rlServiceDisable if called without rlServiceEnable beforehand
- few internal fixes
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 9 2021 Dalibor Pospisil <dapospis@xxxxxxxxxx> - 1.26-1
- fixed rlServiceDisable if called without rlServiceEnable beforehand
- few internal fixes
--------------------------------------------------------------------------------


================================================================================
 cabextract-1.9-7.el7 (FEDORA-EPEL-2021-780cd884ad)
 Utility for extracting cabinet (.cab) archives
--------------------------------------------------------------------------------
Update Information:

cabextract 1.9
==============

* Fixed invisible bad extraction when using `cabextract -F` (broken in 1.8)
* Fixed configure `--with-external-libmspack` which was broken in 1.8
* `configure --with-external-libmspack` will now use `pkg-config`.
  To configure it manually, set environment variables `libmspack_CFLAGS`
  and `libmspack_LIBS` before running `configure`.
* Now includes the test suite (`make check`)

cabextract 1.8
==============

* `cabextract -f` now extracts even more badly damaged files than before

cabextract 1.7
==============

* `cabextract` now supports an `--encoding` parameter, to specify the
  character encoding of CAB filenames if they are not ASCII or UTF8
* `cabextract -L` now lowercases non-ASCII characters

cabextract 1.6
==============

* `cabextract` now prevents archive files giving themselves absolute path
  access using badly UTF-8 encoded slashes.
* Because Cygwin allows both `/` and `\` as path separators, cabextract now
  removes both leading `/`s and `\`s and changes both `../` and `..\` in
  CAB filenames to `xx`. You can no longer have a CAB filename called e.g.
  `\/t` (file `t` in the directory `\`). If you need this, create a CAB
  file where the filename is `./\/t` instead.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar 7 2021 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 1.9-7
- use bundled libmspack on epel
* Tue Jan 26 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.9-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.9-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jan 28 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.9-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Jul 24 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jan 31 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Tue Nov 6 2018 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 1.9-1
- 1.9
* Tue Oct 30 2018 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 1.8-1
- 1.8
* Wed Jul 25 2018 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 1.7-1
- 1.7 (#1186186)
* Thu Jul 12 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.5-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 7 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.5-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Aug 2 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.5-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.5-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Wed Feb 3 2016 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Thu Apr 9 2015 Juan Orti Alcaine <jorti@xxxxxxxxxxxxxxxxx> - 1.5-2
- Use license macro
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1644222 - CVE-2018-18584 CVE-2018-18585 cabextract: various flaws [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1644222
--------------------------------------------------------------------------------


================================================================================
 charliecloud-0.22-2.el7 (FEDORA-EPEL-2021-0007e8c188)
 Lightweight user-defined software stacks for high-performance computing
--------------------------------------------------------------------------------
Update Information:

Fix source0 path. Make man7 available in the base package.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 8 2021 Dave Love <loveshack@xxxxxxxxxxxxxxxxx> <jogas@xxxxxxxx> - 0.22-2
- Fix source0 path
- Put man7 in base package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1927476 - charliecloud.7 seems misplaced
        https://bugzilla.redhat.com/show_bug.cgi?id=1927476
  [ 2 ] Bug #1934036 - invalid source0
        https://bugzilla.redhat.com/show_bug.cgi?id=1934036
--------------------------------------------------------------------------------


================================================================================
 python3-pillow-6.2.2-2.el7 (FEDORA-EPEL-2021-32d4f4a583)
 Python image processing library
--------------------------------------------------------------------------------
Update Information:

Backport CVE fixes for CVE-2020-35655, CVE-2020-35654, CVE-2021-25289
(bz#1934684), CVE-2021-25290 (bz#1934689), CVE-2021-25291 (bz#1934696),
CVE-2020-35655, CVE-2021-25293 (bz#1934709), CVE-2021-25292 (bz#1934703),
CVE-2021-27921 (bz#1935387), CVE-2021-27922 (bz#1935400), CVE-2021-27923
(bz#1935404)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 4 2021 Orion Poplawski <orion@xxxxxxxx> - 6.2.2-2
- Backport CVE fixes for CVE-2020-35655, CVE-2020-35654, CVE-2021-25289
  (bz#1934684), CVE-2021-25290 (bz#1934689), CVE-2021-25291 (bz#1934696),
  CVE-2020-35655, CVE-2021-25293 (bz#1934709), CVE-2021-25292 (bz#1934703),
  CVE-2021-27921 (bz#1935387), CVE-2021-27922 (bz#1935400), CVE-2021-27923
  (bz#1935404)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1934684 - CVE-2021-25289 python3-pillow: python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1934684
  [ 2 ] Bug #1934689 - CVE-2021-25290 python3-pillow: python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1934689
  [ 3 ] Bug #1934696 - CVE-2021-25291 python3-pillow: python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1934696
  [ 4 ] Bug #1934703 - CVE-2021-25292 python3-pillow: python-pillow: backtracking regex in PDF parser could be used as a DOS attack [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1934703
  [ 5 ] Bug #1934709 - CVE-2021-25293 python3-pillow: python-pillow: out-of-bounds read in SGIRleDecode.c [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1934709
  [ 6 ] Bug #1935387 - CVE-2021-27921 python3-pillow: python-pillow: reported size of a contained image is not properly checked for a BLP container [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1935387
  [ 7 ] Bug #1935400 - CVE-2021-27922 python3-pillow: python-pillow: reported size of a contained image is not properly checked for an ICNS container [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1935400
  [ 8 ] Bug #1935404 - CVE-2021-27923 python3-pillow: python-pillow: reported size of a contained image is not properly checked for an ICO container [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1935404
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure