The following Fedora EPEL 8 Security updates need testing: Age URL 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-ee729bf9b2 sympa-6.2.72-2.el8 The following builds have been pushed to Fedora EPEL 8 updates-testing apptainer-1.1.9-1.el8 guacamole-server-1.5.2-2.el8 mongo-c-driver-1.23.5-1.el8 perl-HTML-StripScripts-1.06-22.el8 remmina-1.4.31-1.el8 syncthing-1.23.5-1.el8 Details about builds: ================================================================================ apptainer-1.1.9-1.el8 (FEDORA-EPEL-2023-8957de8c8a) Application and environment virtualization formerly known as Singularity -------------------------------------------------------------------------------- Update Information: Update to upstream-1.1.9 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 7 2023 Dave Dykstra <dwd@xxxxxxxx> - 1.1.9-1 - Update to upstream 1.1.9. -------------------------------------------------------------------------------- References: [ 1 ] Bug #2213313 - apptainer-1.1.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=2213313 -------------------------------------------------------------------------------- ================================================================================ guacamole-server-1.5.2-2.el8 (FEDORA-EPEL-2023-24b6ae61af) Server-side native components that form the Guacamole proxy -------------------------------------------------------------------------------- Update Information: - Added upstream patch to fix RDP related segfault ([GUACAMOLE- 1802](https://issues.apache.org/jira/projects/GUACAMOLE/issues/GUACAMOLE-1802)) -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 7 2023 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> - 1.5.2-2 - Added upstream patch to fix RDP related segfault (GUACAMOLE-1802) -------------------------------------------------------------------------------- ================================================================================ mongo-c-driver-1.23.5-1.el8 (FEDORA-EPEL-2023-eefdadb7f8) Client library written in C for MongoDB -------------------------------------------------------------------------------- Update Information: **libmongoc 1.23.5** Fixes: * Fix potential crash due to insufficient memory when allocating performance counters. * Fix compilation error on Android platforms due to missing aligned_alloc. * Return an error if RewrapManyDataKey is invoked without a provider when a masterKey is given. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 7 2023 Remi Collet <remi@xxxxxxxxxxxx> - 1.23.5-1 - update to 1.23.5 -------------------------------------------------------------------------------- ================================================================================ perl-HTML-StripScripts-1.06-22.el8 (FEDORA-EPEL-2023-d55abd83c7) Strip scripting constructs out of HTML -------------------------------------------------------------------------------- Update Information: Fixes CVE-2023-24038 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 7 2023 Xavier Bachelot <xavier@xxxxxxxxxxxx> 1.06-22 - Add patch for CVE-2023-24038 - Convert License: to SPDX * Fri Jan 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.06-21 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Fri Jul 22 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.06-20 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Tue May 31 2022 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1.06-19 - Perl 5.36 rebuild * Fri Jan 21 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.06-18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Thu Jul 22 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.06-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Fri May 21 2021 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1.06-16 - Perl 5.34 rebuild * Wed Jan 27 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.06-15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Tue Jul 28 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.06-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue Jun 23 2020 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1.06-13 - Perl 5.32 rebuild * Thu Jan 30 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.06-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2164149 - CVE-2023-24038 perl-HTML-StripScripts: Handler for style attribute is vulnerable to ReDoS [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2164149 -------------------------------------------------------------------------------- ================================================================================ remmina-1.4.31-1.el8 (FEDORA-EPEL-2023-d93c96ff4c) Remote Desktop Client -------------------------------------------------------------------------------- Update Information: New upstream version 1.4.31. Remove no longer needed patches. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 7 2023 Phil Wyett <philip.wyett@xxxxxxxxxxxx> - 1.4.31-1 - New upstream version 1.4.31. - Remove no longer needed patches. * Tue Jun 6 2023 Phil Wyett <philip.wyett@xxxxxxxxxxxx> - 1.4.30-3 - Remove some old workarounds from spec file. -------------------------------------------------------------------------------- ================================================================================ syncthing-1.23.5-1.el8 (FEDORA-EPEL-2023-e14003b86d) Continuous File Synchronization -------------------------------------------------------------------------------- Update Information: Update to version 1.23.5. Addresses CVE-2022-46165. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 7 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 1.23.5-1 - Update to version 1.23.5; Fixes RHBZ#2213024 * Wed Jun 7 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 1.23.4-1 - Update to version 1.23.4; Fixes RHBZ#2184805 * Wed Jun 7 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 1.23.2-1 - Update to version 1.23.2; Fixes RHBZ#2167959 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2213012 - CVE-2022-46165 syncthing: Cross-site scripting through malicious files [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2213012 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
