The following Fedora EPEL 7 Security updates need testing: Age URL 23 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-f005e1b879 debmirror-2.35-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-1c90472b95 libopenmpt-0.5.12-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing pspg-5.4.0-1.el7 python3-pillow-6.2.2-3.el7 Details about builds: ================================================================================ pspg-5.4.0-1.el7 (FEDORA-EPEL-2021-7d9e53593a) A unix pager optimized for psql -------------------------------------------------------------------------------- Update Information: new upstream release, per release notes: https://github.com/okbob/pspg/releases/tag/5.4.0 -------------------------------------------------------------------------------- ChangeLog: * Sun Oct 10 2021 Pavel Raiskup <praiskup@xxxxxxxxxx> - 5.4.0-1 - new upstream release, per release notes: https://github.com/okbob/pspg/releases/tag/5.4.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1992579 - pspg-5.4.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1992579 -------------------------------------------------------------------------------- ================================================================================ python3-pillow-6.2.2-3.el7 (FEDORA-EPEL-2021-a3fe2b021b) Python image processing library -------------------------------------------------------------------------------- Update Information: Backport CVE fixes for CVE-2021-23437 (bz#2001911), CVE-2021-28675 (bz#1958243), CVE-2021-28676 (bz#1958255), CVE-2021-28677 (bz#1958260), CVE-2021-28678 (bz#1958266), CVE-2021-34552 (bz#1982382) -------------------------------------------------------------------------------- ChangeLog: * Sat Oct 9 2021 Orion Poplawski <orion@xxxxxxxx> - 6.2.2-3 - Backport CVE fixes for CVE-2021-23437 (bz#2001911), CVE-2021-28675 (bz#1958243), CVE-2021-28676 (bz#1958255), CVE-2021-28677 (bz#1958260), CVE-2021-28678 (bz#1958266), CVE-2021-34552 (bz#1982382) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1958243 - CVE-2021-28675 python3-pillow: python-pillow: DoS in PsdImagePlugin [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1958243 [ 2 ] Bug #1958255 - CVE-2021-28676 python3-pillow: python-pillow: infinite loop in FliDecode.c can lead to DoS [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1958255 [ 3 ] Bug #1958260 - CVE-2021-28677 python3-pillow: python-pillow: DoS in the open phase via a malicious EPS file [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1958260 [ 4 ] Bug #1958266 - CVE-2021-28678 python3-pillow: python-pillow: improper check in BlpImagePlugin can lead to DoS [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1958266 [ 5 ] Bug #1982382 - CVE-2021-34552 python3-pillow: python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1982382 [ 6 ] Bug #2001911 - CVE-2021-23437 python3-pillow: python-pillow: possible ReDoS via the getrgb function [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=2001911 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
