The following Fedora EPEL 8 Security updates need testing: Age URL 27 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-1e00c3d01e cutter-re-2.2.0-1.el8 rizin-0.5.1-1.el8 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-b06600ebc7 bzip3-1.3.0-1.el8 The following builds have been pushed to Fedora EPEL 8 updates-testing HepMC3-3.2.6-1.el8 chromium-112.0.5615.49-1.el8 gtk-layer-shell-0.8.1-1.el8 indent-2.2.13-2.el8 livesys-scripts-0.4.3-1.el8 python-twisted-19.10.0-4.el8 rednotebook-2.29.4-1.el8 texlive-extension-20180414-11.el8 Details about builds: ================================================================================ HepMC3-3.2.6-1.el8 (FEDORA-EPEL-2023-7b2a8f010c) C++ Event Record for Monte Carlo Generators -------------------------------------------------------------------------------- Update Information: HepMC3 3.2.6 -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 12 2023 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 3.2.6-1 - Update to version 3.2.6 - Update license tag for license change (GPLv3 to LGPLv3) - New protobuf IO subpackage - Soname bump for libHepMC3search in HepMC3-search subpackage - Drop patches accepted upstream or previously backported -------------------------------------------------------------------------------- ================================================================================ chromium-112.0.5615.49-1.el8 (FEDORA-EPEL-2023-8c1df52e87) A WebKit (Blink) powered web browser that Google doesn't want you to use -------------------------------------------------------------------------------- Update Information: update to 112.0.5615.49. Fixes the following security issues: CVE-2023-1528 CVE-2023-1529 CVE-2023-1530 CVE-2023-1531 CVE-2023-1532 CVE-2023-1533 CVE-2023-1534, CVE-2023-25193 -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 5 2023 Than Ngo <than@xxxxxxxxxx> - 112.0.5615.49-1 - update to 112.0.5615.49 - fix #2184142, Small fonts in menus -------------------------------------------------------------------------------- References: [ 1 ] Bug #2173489 - CVE-2023-25193 chromium: harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2173489 [ 2 ] Bug #2184710 - CVE-2023-1810 CVE-2023-1811 CVE-2023-1812 CVE-2023-1813 CVE-2023-1814 CVE-2023-1815 CVE-2023-1816 CVE-2023-1817 CVE-2023-1818 CVE-2023-1819 CVE-2023-1820 CVE-2023-1821 CVE-2023-1822 CVE-2023-1823 chromium: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2184710 -------------------------------------------------------------------------------- ================================================================================ gtk-layer-shell-0.8.1-1.el8 (FEDORA-EPEL-2023-1aaf80d094) Library to create components for Wayland using the Layer Shell -------------------------------------------------------------------------------- Update Information: Update to latest version -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 12 2023 Artem Polishchuk <ego.cordatus@xxxxxxxxx> - 0.8.1-1 - chore: Update to 0.8.1 * Thu Jan 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.8.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ indent-2.2.13-2.el8 (FEDORA-EPEL-2023-0147b726cb) A GNU program for formatting C code -------------------------------------------------------------------------------- Update Information: This release fixes few buffer oveflows and uses after free. It also updates Catalan, Croatian, French, Galician, German, Greek, Hungarian, Indonesian, Italian, Romanian, Serbian, Spanish, Turkish, and Ukrainian translations. It adds Portuguese translation. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 12 2023 Petr Pisar <ppisar@xxxxxxxxxx> - 2.2.13-2 - Check for setlocale() at configure time * Tue Mar 21 2023 Petr Pisar <ppisar@xxxxxxxxxx> - 2.2.13-1 - 2.2.13 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #2180115 - indent-2.2.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=2180115 -------------------------------------------------------------------------------- ================================================================================ livesys-scripts-0.4.3-1.el8 (FEDORA-EPEL-2023-c333940461) Scripts for auto-configuring live media during boot -------------------------------------------------------------------------------- Update Information: Another fix for making the desktop icon for the installer work in Xfce ---- This update fixes the anaconda (installer) icon displaying a warning when clicked on Xfce live images. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 12 2023 Neal Gompa <ngompa@xxxxxxxxxxxxxxxxx> - 0.4.3-1 - Update to 0.4.3 * Tue Apr 11 2023 Adam Williamson <awilliam@xxxxxxxxxx> - 0.4.2-1 - Update to 0.4.2 * Tue Mar 21 2023 Adam Williamson <awilliam@xxxxxxxxxx> - 0.4.1-1 - Update to 0.4.1 -------------------------------------------------------------------------------- ================================================================================ python-twisted-19.10.0-4.el8 (FEDORA-EPEL-2023-73a16276bd) Twisted is a networking engine written in Python -------------------------------------------------------------------------------- Update Information: Backport fixes for CVE-2022-21716 and CVE-2022-24801. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 12 2023 Carl George <carl@george.computer> - 19.10.0-4 - Backport fix for CVE-2022-24801, resolves: rhbz#2073116 * Mon Nov 28 2022 Diego Herrera <dherrera@xxxxxxxxxx> - 19.10.0-3 - Backported CVE-2022-21716 fix from upstream -------------------------------------------------------------------------------- References: [ 1 ] Bug #2060973 - CVE-2022-21716 python-twisted: SSH client and server denial of service during SSH handshake [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2060973 [ 2 ] Bug #2073116 - CVE-2022-24801 python-twisted: possible http request smuggling [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2073116 -------------------------------------------------------------------------------- ================================================================================ rednotebook-2.29.4-1.el8 (FEDORA-EPEL-2023-e603aaab5e) Daily journal with calendar, templates and keyword searching -------------------------------------------------------------------------------- Update Information: * Wed Apr 12 2023 Phil Wyett <philip.wyett@xxxxxxxxxxxx> - 2.29.4-1 - New upstream version 2.29.4. - Use SPDX license identifier. - Requires webkit2gtk4.1 where able. - Little spec file rework. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 12 2023 Phil Wyett <philip.wyett@xxxxxxxxxxxx> - 2.29.4-1 - New upstream version 2.29.4. - Use SPDX license identifier. - Requires webkit2gtk4.1 where able. - Little spec file rework. * Fri Jan 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.29.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ texlive-extension-20180414-11.el8 (FEDORA-EPEL-2023-2037e87f4c) TeX formatting system -------------------------------------------------------------------------------- Update Information: this update includes texlive-supertabular -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 12 2023 Than Ngo <than@xxxxxxxxxx> - 20180414-11 - fixed #2184736, added supertabular -------------------------------------------------------------------------------- References: [ 1 ] Bug #2184736 - Please branch and build texlive-supertabular in EPEL 8/9 https://bugzilla.redhat.com/show_bug.cgi?id=2184736 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue