The following Fedora EPEL 7 Security updates need testing:

 Age  URL
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-1388277bf4   chromium-113.0.5672.126-1.el7
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-2455ae47ae   godot-3.1.2-2.el7

The following builds have been pushed to Fedora EPEL 7 updates-testing

    golang-1.19.9-1.el7
    radsecproxy-1.10.0-1.el7

Details about builds:

================================================================================
 golang-1.19.9-1.el7 (FEDORA-EPEL-2023-efd9bbf67e)
 The Go Programming Language
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-24538, CVE-2023-24536, CVE-2023-24537, CVE-2023-24534, CVE-2023-24539, CVE-2023-29400, and CVE-2023-24540
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 26 2023 Dave Dykstra <dwd@xxxxxxxxxxxxxxxxx> - 1.19.9-1
- Update to 1.19.9 by doing the equivalent changes as centos8-stream.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2184481 - CVE-2023-24538 golang: html/template: backticks not treated as string delimiters
        https://bugzilla.redhat.com/show_bug.cgi?id=2184481
  [ 2 ] Bug #2184482 - CVE-2023-24536 golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption
        https://bugzilla.redhat.com/show_bug.cgi?id=2184482
  [ 3 ] Bug #2184483 - CVE-2023-24534 golang: net/http, net/textproto: denial of service from excessive memory allocation
        https://bugzilla.redhat.com/show_bug.cgi?id=2184483
  [ 4 ] Bug #2184484 - CVE-2023-24537 golang: go/parser: Infinite loop in parsing
        https://bugzilla.redhat.com/show_bug.cgi?id=2184484
  [ 5 ] Bug #2196026 - CVE-2023-24539 golang: html/template: improper sanitization of CSS values
        https://bugzilla.redhat.com/show_bug.cgi?id=2196026
  [ 6 ] Bug #2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace
        https://bugzilla.redhat.com/show_bug.cgi?id=2196027
  [ 7 ] Bug #2196029 - CVE-2023-29400 golang: html/template: improper handling of empty HTML attributes
        https://bugzilla.redhat.com/show_bug.cgi?id=2196029
--------------------------------------------------------------------------------

================================================================================
 radsecproxy-1.10.0-1.el7 (FEDORA-EPEL-2023-3c32763fc0)
 Generic RADIUS proxy with RadSec support
--------------------------------------------------------------------------------
Update Information:

# radsecproxy 1.10.0 (2023-05-26)

## New features

- Native dynamic discovery for NAPTR and SRV records
- Optionally log accounting requests when responding directly
- SNI support for outgoing connections
- Optionally specify server name for certificate name check
- Manual MTU setting for DTLS on non-linux platforms

## Misc

- Don't require server type to be set by dyndisc scripts
- Improve locating openssl lib using pkg-config

## Bug Fixes

- Fix radius message length handling
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 26 2023 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 1.10.0-1
- Upgrade to 1.10.0 (#2207652)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2207652 - radsecproxy-1.10.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2207652
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue