The following Fedora EPEL 7 Security updates need testing: Age URL 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-93154093e5 radare2-5.6.0-2.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-5af404a521 varnish-4.0.5-2.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-a22d89c069 snapd-2.54.3-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing llvm13-13.0.1-1.el7 netdata-1.33.1-1.el7 rust-1.58.1-1.el7 scitokens-cpp-0.7.0-1.el7 Details about builds: ================================================================================ llvm13-13.0.1-1.el7 (FEDORA-EPEL-2022-dc3bd1f656) The Low Level Virtual Machine -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2022-21658, a TOCTOU race condition in `std::fs::remove_dir_all`. Privileged programs should be rebuilt if they use this function on paths that may be manipulated with lesser privileges. For more details, see the upstream [security advisory](https://blog.rust- lang.org/2022/01/20/cve-2022-21658.html). Additional features from 1.58.0: * Captured identifiers in format strings * More `#[must_use]` in the standard library * Stabilized APIs See the [blog post](https://blog.rust- lang.org/2022/01/13/Rust-1.58.0.html) and [release notes](https://github.com/rust- lang/rust/blob/master/RELEASES.md#version-1580-2022-01-13) for more details. -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 16 2022 Josh Stone <jistone@xxxxxxxxxx> - 13.0.1-1 - 13.0.1 Release, ported to epel7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2041504 - CVE-2022-21658 rust: Race condition in remove_dir_all leading to removal of files outside of the directory being removed https://bugzilla.redhat.com/show_bug.cgi?id=2041504 -------------------------------------------------------------------------------- ================================================================================ netdata-1.33.1-1.el7 (FEDORA-EPEL-2022-e9efba952e) Real-time performance monitoring -------------------------------------------------------------------------------- Update Information: Update from upstream -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 17 2022 Didier Fabert <didier.fabert@xxxxxxxxx> 1.33.1-1 - Update from upstream - Enable el9 build * Thu Jan 20 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.32.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2046493 - netdata-1.33.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2046493 -------------------------------------------------------------------------------- ================================================================================ rust-1.58.1-1.el7 (FEDORA-EPEL-2022-dc3bd1f656) The Rust Programming Language -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2022-21658, a TOCTOU race condition in `std::fs::remove_dir_all`. Privileged programs should be rebuilt if they use this function on paths that may be manipulated with lesser privileges. For more details, see the upstream [security advisory](https://blog.rust- lang.org/2022/01/20/cve-2022-21658.html). Additional features from 1.58.0: * Captured identifiers in format strings * More `#[must_use]` in the standard library * Stabilized APIs See the [blog post](https://blog.rust- lang.org/2022/01/13/Rust-1.58.0.html) and [release notes](https://github.com/rust- lang/rust/blob/master/RELEASES.md#version-1580-2022-01-13) for more details. -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 20 2022 Josh Stone <jistone@xxxxxxxxxx> - 1.58.1-1 - Update to 1.58.1. * Thu Jan 13 2022 Josh Stone <jistone@xxxxxxxxxx> - 1.58.0-1 - Update to 1.58.0. * Wed Jan 5 2022 Josh Stone <jistone@xxxxxxxxxx> - 1.57.0-2 - Add rust-std-static-i686-pc-windows-gnu - Add rust-std-static-x86_64-pc-windows-gnu -------------------------------------------------------------------------------- References: [ 1 ] Bug #2041504 - CVE-2022-21658 rust: Race condition in remove_dir_all leading to removal of files outside of the directory being removed https://bugzilla.redhat.com/show_bug.cgi?id=2041504 -------------------------------------------------------------------------------- ================================================================================ scitokens-cpp-0.7.0-1.el7 (FEDORA-EPEL-2022-7bbf95c6f2) C++ Implementation of the SciTokens Library -------------------------------------------------------------------------------- Update Information: - Changes from static analysis - If only one key is available, do not error on no kid - Support at+jwt profile -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 18 2022 Derek Weitzel <dweitzel@xxxxxxx> - 0.7.0-1 - Changes from static analysis - If only one key is available, do not error on no kid - Support at+jwt profile -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
