The following Fedora EPEL 7 Security updates need testing: Age URL 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-6395a45cb3 perl-Image-ExifTool-12.38-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing liblxi-1.15-1.el7 miniupnpc-2.0-3.el7 Details about builds: ================================================================================ liblxi-1.15-1.el7 (FEDORA-EPEL-2022-c1b58fb721) Library with simple API for communication with LXI devices -------------------------------------------------------------------------------- Update Information: # liblxi v1.15 * Fix meson libtirpc dependency Remove the hardcoded include patch to libtirpc and replace it with one dynamically resolved via `pkg- config`. The reason for implementing the meson dependency check this way is to avoid linking with libtirpc because it is broken with regards to its Sun RPC implementation so instead we link with the RPC implementation which still reside in glibc. However, glibc removed their RPC header files so we need the headers from libtirpc. Further investigation is required to find and fix the bug in the libtirpc RPC implementation so we can get back to normal. They changed something moving it out of glibc and they shouldn't have. -------------------------------------------------------------------------------- ChangeLog: * Sun Jan 23 2022 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 1.15-1 - Upgrade to 1.15 (#2043963) * Sat Jan 22 2022 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 1.14-1 - Upgrade to 1.14 (#2042909) * Thu Jan 20 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.13-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Thu Jul 22 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.13-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Tue Jan 26 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.13-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Tue Jul 28 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.13-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Wed Jan 29 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.13-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Thu Jul 25 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.13-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Fri Feb 1 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.13-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Fri Jul 13 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.13-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2043963 - liblxi-1.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=2043963 -------------------------------------------------------------------------------- ================================================================================ miniupnpc-2.0-3.el7 (FEDORA-EPEL-2022-4069001f10) Library and tool to control NAT in UPnP-enabled routers -------------------------------------------------------------------------------- Update Information: - Clean up SPEC file. - Add patch to fix CVE-2017-1000494 (backported from 2.1). - Add patch to fix CVE-2017-8798 (backported from 2.1). - Drop conditions for Python 3 etc, other branches have moved forward. -------------------------------------------------------------------------------- ChangeLog: * Sun Jan 30 2022 Simone Caronni <negativo17@xxxxxxxxx> - 2.0-3 - Add patch to fix CVE-2017-8798 (backported from 2.1). * Sun Jan 30 2022 Simone Caronni <negativo17@xxxxxxxxx> - 2.0-2 - Clean up SPEC file. - Add patch to fix CVE-2017-1000494 (backported from 2.1). - Drop conditions for Python 3 etc, other branches have moved forward. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1450064 - CVE-2017-8798 miniupnpc: Integer signedness error [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1450064 [ 2 ] Bug #1532504 - CVE-2017-1000494 miniupnpc: Multiple vulnerabilities can allow a remote attacker to cause a denial of service or potentially execute code [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1532504 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
