Fedora EPEL 8 updates-testing report

The following Fedora EPEL 8 Security updates need testing:
 Age  URL
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-bfde2b0c7c   libspf2-1.2.11-11.20210922git4915c308.el8
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-35a1e9b1b2   exim-4.96.1-1.el8


The following builds have been pushed to Fedora EPEL 8 updates-testing

    HepMC3-3.2.7-1.el8
    cacti-1.2.25-1.el8
    cacti-spine-1.2.25-1.el8
    munin-2.0.74-1.el8
    nmon-16p-5.el8
    partclone-0.3.27-1.el8
    rpki-client-8.6-1.el8
    rs-20200313-4.el8

Details about builds:


================================================================================
 HepMC3-3.2.7-1.el8 (FEDORA-EPEL-2023-bdbacc31e0)
 C++ Event Record for Monte Carlo Generators
--------------------------------------------------------------------------------
Update Information:

HepMC3 3.2.7
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct  4 2023 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 3.2.7-1
- Update to version 3.2.7
* Wed Jul 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.2.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jun 13 2023 Python Maint <python-maint@xxxxxxxxxx> - 3.2.6-2
- Rebuilt for Python 3.12
--------------------------------------------------------------------------------


================================================================================
 cacti-1.2.25-1.el8 (FEDORA-EPEL-2023-522c9cf128)
 An rrd based graphing tool
--------------------------------------------------------------------------------
Update Information:

Update cacti and cacti-spine to version 1.2.25.  This includes the upstream
fixes for many CVEs.
https://github.com/Cacti/cacti/releases/tag/release%2F1.2.25
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct  4 2023 Carl George <carlwgeorge@xxxxxxxxxxxxxxxxx> - 1.2.25-1
- Update to version 1.2.25
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2237580 - CVE-2023-39514 cacti: Cross-Site Scripting vulnerability with Data Source Name when managing Graphs [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237580
  [ 2 ] Bug #2237581 - CVE-2023-39513 cacti: Cross-Site Scripting vulnerability with Device Name when debugging data queries [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237581
  [ 3 ] Bug #2237586 - CVE-2023-39515 cacti: Cross-Site Scripting vulnerability with Data Source Name when debugging Data Queries [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237586
  [ 4 ] Bug #2237589 - CVE-2023-39359 cacti: Authenticated SQL injection vulnerability when managing graphs [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237589
  [ 5 ] Bug #2237591 - CVE-2023-39360 cacti: Cross-Site Scripting vulnerability when creating new graphs [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237591
  [ 6 ] Bug #2237596 - CVE-2023-39361 cacti: Unauthenticated SQL Injection when viewing graphs [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237596
  [ 7 ] Bug #2237599 - CVE-2023-39366 cacti: Cross-Site Scripting vulnerability with Device Name when managing Data Sources [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237599
  [ 8 ] Bug #2237602 - CVE-2023-39510 cacti: Cross-Site Scripting vulnerability with Device Name when administrating Reports [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237602
  [ 9 ] Bug #2237605 - CVE-2023-39357 cacti: SQL Injection when saving data with sql_save() [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237605
  [ 10 ] Bug #2237608 - CVE-2023-39358 cacti: Authenticated SQL injection vulnerability when managing reports [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237608
  [ 11 ] Bug #2237612 - CVE-2023-39364 cacti: Open redirect in change password functionality [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237612
  [ 12 ] Bug #2237614 - CVE-2023-39365 cacti: SQL Injection when using regular expressions [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237614
  [ 13 ] Bug #2237617 - CVE-2023-30534 cacti: Insecure deserialization of filter data [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237617
  [ 14 ] Bug #2237620 - CVE-2023-31132 cacti: Privilege escalation when Cacti installed using Windows Installer defaults [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237620
  [ 15 ] Bug #2237623 - CVE-2023-39362 cacti: Authenticated command injection when using SNMP options [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237623
  [ 16 ] Bug #2237626 - CVE-2023-39516 cacti: Cross-Site Scripting vulnerability with Data Source Information when managing Data Sources [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237626
  [ 17 ] Bug #2237818 - CVE-2023-39511 cacti: Cross-Site Scripting vulnerability with Device Name when editing Graphs whilst managing Reports [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237818
  [ 18 ] Bug #2242048 - CVE-2023-39512 cacti: Cross-Site Scripting vulnerability with Device Name when managing Data Sources [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2242048
--------------------------------------------------------------------------------


================================================================================
 cacti-spine-1.2.25-1.el8 (FEDORA-EPEL-2023-522c9cf128)
 Threaded poller for Cacti written in C
--------------------------------------------------------------------------------
Update Information:

Update cacti and cacti-spine to version 1.2.25.  This includes the upstream
fixes for many CVEs.
https://github.com/Cacti/cacti/releases/tag/release%2F1.2.25
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct  4 2023 Carl George <carlwgeorge@xxxxxxxxxxxxxxxxx> - 1.2.25-1
- Update to version 1.2.25
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2237580 - CVE-2023-39514 cacti: Cross-Site Scripting vulnerability with Data Source Name when managing Graphs [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237580
  [ 2 ] Bug #2237581 - CVE-2023-39513 cacti: Cross-Site Scripting vulnerability with Device Name when debugging data queries [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237581
  [ 3 ] Bug #2237586 - CVE-2023-39515 cacti: Cross-Site Scripting vulnerability with Data Source Name when debugging Data Queries [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237586
  [ 4 ] Bug #2237589 - CVE-2023-39359 cacti: Authenticated SQL injection vulnerability when managing graphs [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237589
  [ 5 ] Bug #2237591 - CVE-2023-39360 cacti: Cross-Site Scripting vulnerability when creating new graphs [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237591
  [ 6 ] Bug #2237596 - CVE-2023-39361 cacti: Unauthenticated SQL Injection when viewing graphs [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237596
  [ 7 ] Bug #2237599 - CVE-2023-39366 cacti: Cross-Site Scripting vulnerability with Device Name when managing Data Sources [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237599
  [ 8 ] Bug #2237602 - CVE-2023-39510 cacti: Cross-Site Scripting vulnerability with Device Name when administrating Reports [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237602
  [ 9 ] Bug #2237605 - CVE-2023-39357 cacti: SQL Injection when saving data with sql_save() [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237605
  [ 10 ] Bug #2237608 - CVE-2023-39358 cacti: Authenticated SQL injection vulnerability when managing reports [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237608
  [ 11 ] Bug #2237612 - CVE-2023-39364 cacti: Open redirect in change password functionality [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237612
  [ 12 ] Bug #2237614 - CVE-2023-39365 cacti: SQL Injection when using regular expressions [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237614
  [ 13 ] Bug #2237617 - CVE-2023-30534 cacti: Insecure deserialization of filter data [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237617
  [ 14 ] Bug #2237620 - CVE-2023-31132 cacti: Privilege escalation when Cacti installed using Windows Installer defaults [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237620
  [ 15 ] Bug #2237623 - CVE-2023-39362 cacti: Authenticated command injection when using SNMP options [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237623
  [ 16 ] Bug #2237626 - CVE-2023-39516 cacti: Cross-Site Scripting vulnerability with Data Source Information when managing Data Sources [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237626
  [ 17 ] Bug #2237818 - CVE-2023-39511 cacti: Cross-Site Scripting vulnerability with Device Name when editing Graphs whilst managing Reports [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237818
  [ 18 ] Bug #2242048 - CVE-2023-39512 cacti: Cross-Site Scripting vulnerability with Device Name when managing Data Sources [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2242048
--------------------------------------------------------------------------------


================================================================================
 munin-2.0.74-1.el8 (FEDORA-EPEL-2023-1ee01b34f6)
 Network-wide resource monitoring tool
--------------------------------------------------------------------------------
Update Information:

Upstream update to 2.0.74.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct  4 2023 Kim B. Heino <b@xxxxxxxx> - 2.0.74-1
- Upgrade to 2.0.74
* Thu Jul 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.0.73-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 nmon-16p-5.el8 (FEDORA-EPEL-2023-4d55b587e1)
 Nigel's performance Monitor for Linux
--------------------------------------------------------------------------------
Update Information:

Update build options and website URL.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Sep 10 2023 Peter Oliver <git@xxxxxxxxxxxx> - 16p-4
- Update build options
- Drop obsolete options.
- Specify the correct build flags for ARM and zSeries.
* Sun Sep 10 2023 Peter Oliver <git@xxxxxxxxxxxx> - 16p-3
- Update website URL.
* Sun Sep 10 2023 Peter Oliver <git@xxxxxxxxxxxx> - 16p-2
- Tidy up old source file.
--------------------------------------------------------------------------------


================================================================================
 partclone-0.3.27-1.el8 (FEDORA-EPEL-2023-63c79a4022)
 Utility to clone and restore a partition
--------------------------------------------------------------------------------
Update Information:

# partclone v0.3.27

- Update docs
- Add read-direct-io and write-direct-op options for `O_DIRECT` flag
- Add date time to log file
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct  4 2023 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 0.3.27-1
- Upgrade to 0.3.27 (#2242163)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2242163 - partclone-0.3.27 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2242163
--------------------------------------------------------------------------------


================================================================================
 rpki-client-8.6-1.el8 (FEDORA-EPEL-2023-c3bb64683a)
 OpenBSD RPKI validator to support BGP Origin Validation
--------------------------------------------------------------------------------
Update Information:

# rpki-client 8.6

- A compliance check was added to ensure the X.509 Subject only contains
  `commonName` and optionally `serialNumber`.
- A compliance check was added to ensure the CMS SignedData and SignerInfo
  versions to be 3.
- Fisher-Yates shuffle the order in which Manifest entries are processed.
  Previously, work items were enqueued in the order the CA intended them to
  appear on a Manifest. However, there is no obvious benefit to third parties
  deciding the order in which things are processed. Now the Manifest ordering
  is randomized (as the order has no meaning anyway), and the number of
  concurrent repository synchronization operations is limited & timeboxed.
- Various refactoring work.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct  4 2023 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 8.6-1
- Upgrade to 8.6 (#2242194)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2242194 - rpki-client-8.6 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2242194
--------------------------------------------------------------------------------


================================================================================
 rs-20200313-4.el8 (FEDORA-EPEL-2023-7fe23b07a7)
 Reshape a data array
--------------------------------------------------------------------------------
Update Information:

rs reads the standard input, interpreting each line as a row of blank-separated
entries in an array, transforms the array according to the options, and writes
it on the standard output. Numerous options control input, reshaping and output
processing; the simplest usage example is `ls -1 | rs`, which outputs the same
(on an 80-column terminal) as the modern `ls` with no `-1` argument.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 22 2023 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 20200313-4
- Justify workarounds for Red Hat Enterprise Linux 7 (#2110814 #c3)
* Sat Sep 17 2022 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 20200313-3
- Update license to SPDX expression
* Wed Jul 27 2022 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 20200313-2
- Support for Red Hat Enterprise Linux 7 (thanks to Thorsten Glaser)
* Tue Jul 26 2022 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 20200313-1
- Update to 20200313 (#2110814)
- Initial spec file for Fedora and Red Hat Enterprise Linux
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2110814 - Review Request: rs - Reshape a data array
        https://bugzilla.redhat.com/show_bug.cgi?id=2110814
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
