The following Fedora EPEL 7 Security updates need testing: Age URL 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-de23d337b0 libopenmpt-0.6.6-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-66467c33ea seamonkey-2.53.14-3.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-d8f75949c3 git-lfs-2.10.0-2.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing luajit-2.0.5-1.20220913.46e62cd.el7 python3-mod_wsgi-4.7.1-3.el7 Details about builds: ================================================================================ luajit-2.0.5-1.20220913.46e62cd.el7 (FEDORA-EPEL-2022-f174e47230) Just-In-Time Compiler for Lua -------------------------------------------------------------------------------- Update Information: - Update to latest snapshot of 2.0 branch - Fixes CVE-2020-15890, resolves rhbz#1860331 - Fixes CVE-2020-24372, resolves rhbz#1870308 -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 3 2022 Carl George <carl@george.computer> - 2.0.5-1.20220914.46e62cd - Update to latest snapshot of 2.0 branch - Fixes CVE-2020-15890, resolves rhbz#1860331 - Fixes CVE-2020-24372, resolves rhbz#1870308 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1860331 - CVE-2020-15890 luajit: out-of-bounds read because __gc handler frame traversal is mishandled [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1860331 [ 2 ] Bug #1870308 - CVE-2020-24372 luajit: out-of-bounds read in lj_err_run function in lj_err.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1870308 -------------------------------------------------------------------------------- ================================================================================ python3-mod_wsgi-4.7.1-3.el7 (FEDORA-EPEL-2022-3f600666f9) A WSGI interface for Python web applications in Apache -------------------------------------------------------------------------------- Update Information: - Backported fix for CVE-2022-2255 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 5 2022 Diego Herrera <dherrera@xxxxxxxxxx> - 4.7.1-3 - Backported fix for CVE-2022-2255 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2108272 - CVE-2022-2255 python3-mod_wsgi: mod_wsgi: Trusted Proxy Headers Removing Bypass [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=2108272 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
