The following Fedora EPEL 7 Security updates need testing: Age URL 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-18a0e3fa23 apptainer-1.1.8-1.el7 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-342b96903b zarafa-7.1.14-6.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing liblxi-1.19-1.el7 tinyproxy-1.8.4-2.el7 Details about builds: ================================================================================ liblxi-1.19-1.el7 (FEDORA-EPEL-2023-56a488c223) Library with simple API for communication with LXI devices -------------------------------------------------------------------------------- Update Information: # liblxi v1.19 * Silence cast of function type in autogenerated vxi11 code * Add test example demonstrating how to use RAW protocol * Docs: Update README with Homebrew installation instructions * macOS: Build support * macOS: Add check for RPC headers * macOS: Remove libtirpc dependency during build process -------------------------------------------------------------------------------- ChangeLog: * Wed May 3 2023 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 1.19-1 - Upgrade to 1.19 (#2192857) * Thu Jan 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.18-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2192857 - liblxi-1.19 is available https://bugzilla.redhat.com/show_bug.cgi?id=2192857 -------------------------------------------------------------------------------- ================================================================================ tinyproxy-1.8.4-2.el7 (FEDORA-EPEL-2023-c1088e0644) A small, efficient HTTP/SSL proxy daemon -------------------------------------------------------------------------------- Update Information: This updates tinyproxy to version 1.8.4, which as released by upstream fixes CVE-2012-3505. It also included a backport from a newer upstream release to fix CVE-2017-11747. -------------------------------------------------------------------------------- ChangeLog: * Wed May 3 2023 Carl George <carl@george.computer> - 1.8.4-2 - Backport fix for CVE-2017-11747 * Tue Mar 7 2017 Michael Adam <obnox@xxxxxxxxx> - 1.8.4-1 - Update to new upstream version 1.8.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #849370 - CVE-2012-3505 tinyproxy: multiple headers hashmap DoS [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=849370 [ 2 ] Bug #1476704 - CVE-2017-11747 tinyproxy: Creating PID file after privileges dropping allows local DoS [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1476704 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
