The following Fedora EPEL 7 Security updates need testing:

 Age  URL
  12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-7f38c5da36   lib3mf-2.0.1-1.el7
   9  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-7f980da66e   tor-0.3.5.14-1.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-615589a3ad   zarafa-7.1.14-4.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-a650134f4f   exim-4.94-2.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-b1d43d7b48   atasm-1.09-1.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-a1ab6f9c4e   libmediainfo-21.03-1.el7 libzen-0.4.39-1.el7 mediainfo-21.03-1.el7

The following builds have been pushed to Fedora EPEL 7 updates-testing

    chromium-89.0.4389.90-3.el7
    openssl11-1.1.1g-3.el7

Details about builds:

================================================================================
 chromium-89.0.4389.90-3.el7 (FEDORA-EPEL-2021-d0a9c2bf03)
 A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:

Fix issue where chromium would crash upon accessing components/cast_*. Thanks to
Gentoo for the patch.

It also fixes some security issues, because why not:
CVE-2021-21191 CVE-2021-21192 CVE-2021-21193
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 25 2021 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 89.0.4389.90-3
- apply upstream fix for newer system libva
* Wed Mar 24 2021 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 89.0.4389.90-2
- fix crashes with components/cast_*
* Thu Mar 18 2021 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 89.0.4389.90-1
- update to 89.0.4389.90
- disable auto-download of widevine binary only blob
* Mon Mar 15 2021 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 89.0.4389.82-2
- add support for futex_time64
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1939460 - CVE-2021-21191 chromium-browser: Use after free in WebRTC
        https://bugzilla.redhat.com/show_bug.cgi?id=1939460
  [ 2 ] Bug #1939461 - CVE-2021-21192 chromium-browser: Heap buffer overflow in tab groups
        https://bugzilla.redhat.com/show_bug.cgi?id=1939461
  [ 3 ] Bug #1939462 - CVE-2021-21193 chromium-browser: Use after free in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1939462
--------------------------------------------------------------------------------

================================================================================
 openssl11-1.1.1g-3.el7 (FEDORA-EPEL-2021-857a9f7853)
 Utilities from the general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:

- backport from 1.1.1g-15: version bump
- backport from 1.1.1g-14: CVE-2021-3450 openssl: CA certificate check bypass with `X509_V_FLAG_X509_STRICT`
- backport from 1.1.1g-13: Fix CVE-2021-3449 `NULL` pointer deref in `signature_algorithms processing`
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 29 2021 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 1.1.1g-3
- backport from 1.1.1g-15: version bump
- backport from 1.1.1g-14: CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT
- backport from 1.1.1g-13: Fix CVE-2021-3449 NULL pointer deref in signature_algorithms processing
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT
        https://bugzilla.redhat.com/show_bug.cgi?id=1941547
  [ 2 ] Bug #1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing
        https://bugzilla.redhat.com/show_bug.cgi?id=1941554
--------------------------------------------------------------------------------