Fedora EPEL 7 updates-testing report

The following Fedora EPEL 7 Security updates need testing:
 Age  URL
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-97dd2d11b6   xrdp-0.9.23.1-1.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-3ee7f851c6   composer-1.10.27-1.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-a99c56df6a   libptytty-2.0-4.el7 rxvt-unicode-9.31-1.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-2661620873   libspf2-1.2.11-11.20210922git4915c308.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-458a169f82   exim-4.96.1-1.el7


The following builds have been pushed to Fedora EPEL 7 updates-testing

    HepMC3-3.2.7-1.el7
    cacti-1.2.25-1.el7
    cacti-spine-1.2.25-1.el7
    munin-2.0.74-1.el7
    partclone-0.3.27-1.el7
    rpki-client-8.6-1.el7
    rs-20200313-4.el7
    trafficserver-9.2.2-2.el7

Details about builds:


================================================================================
 HepMC3-3.2.7-1.el7 (FEDORA-EPEL-2023-59cabab56f)
 C++ Event Record for Monte Carlo Generators
--------------------------------------------------------------------------------
Update Information:

HepMC3 3.2.7
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct  4 2023 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 3.2.7-1
- Update to version 3.2.7
* Wed Jul 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.2.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jun 13 2023 Python Maint <python-maint@xxxxxxxxxx> - 3.2.6-2
- Rebuilt for Python 3.12
--------------------------------------------------------------------------------


================================================================================
 cacti-1.2.25-1.el7 (FEDORA-EPEL-2023-bcf6c3bf53)
 An rrd based graphing tool
--------------------------------------------------------------------------------
Update Information:

Update cacti and cacti-spine to version 1.2.25.  This includes the upstream
fixes for many CVEs.
https://github.com/Cacti/cacti/releases/tag/release%2F1.2.25
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct  4 2023 Carl George <carlwgeorge@xxxxxxxxxxxxxxxxx> - 1.2.25-1
- Update to version 1.2.25
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2237580 - CVE-2023-39514 cacti: Cross-Site Scripting vulnerability with Data Source Name when managing Graphs [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237580
  [ 2 ] Bug #2237581 - CVE-2023-39513 cacti: Cross-Site Scripting vulnerability with Device Name when debugging data queries [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237581
  [ 3 ] Bug #2237586 - CVE-2023-39515 cacti: Cross-Site Scripting vulnerability with Data Source Name when debugging Data Queries [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237586
  [ 4 ] Bug #2237589 - CVE-2023-39359 cacti: Authenticated SQL injection vulnerability when managing graphs [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237589
  [ 5 ] Bug #2237591 - CVE-2023-39360 cacti: Cross-Site Scripting vulnerability when creating new graphs [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237591
  [ 6 ] Bug #2237596 - CVE-2023-39361 cacti: Unauthenticated SQL Injection when viewing graphs [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237596
  [ 7 ] Bug #2237599 - CVE-2023-39366 cacti: Cross-Site Scripting vulnerability with Device Name when managing Data Sources [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237599
  [ 8 ] Bug #2237602 - CVE-2023-39510 cacti: Cross-Site Scripting vulnerability with Device Name when administrating Reports [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237602
  [ 9 ] Bug #2237605 - CVE-2023-39357 cacti: SQL Injection when saving data with sql_save() [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237605
  [ 10 ] Bug #2237608 - CVE-2023-39358 cacti: Authenticated SQL injection vulnerability when managing reports [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237608
  [ 11 ] Bug #2237612 - CVE-2023-39364 cacti: Open redirect in change password functionality [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237612
  [ 12 ] Bug #2237614 - CVE-2023-39365 cacti: SQL Injection when using regular expressions [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237614
  [ 13 ] Bug #2237617 - CVE-2023-30534 cacti: Insecure deserialization of filter data [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237617
  [ 14 ] Bug #2237620 - CVE-2023-31132 cacti: Privilege escalation when Cacti installed using Windows Installer defaults [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237620
  [ 15 ] Bug #2237623 - CVE-2023-39362 cacti: Authenticated command injection when using SNMP options [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237623
  [ 16 ] Bug #2237626 - CVE-2023-39516 cacti: Cross-Site Scripting vulnerability with Data Source Information when managing Data Sources [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237626
  [ 17 ] Bug #2237818 - CVE-2023-39511 cacti: Cross-Site Scripting vulnerability with Device Name when editing Graphs whilst managing Reports [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237818
  [ 18 ] Bug #2242048 - CVE-2023-39512 cacti: Cross-Site Scripting vulnerability with Device Name when managing Data Sources [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2242048
--------------------------------------------------------------------------------


================================================================================
 cacti-spine-1.2.25-1.el7 (FEDORA-EPEL-2023-bcf6c3bf53)
 Threaded poller for Cacti written in C
--------------------------------------------------------------------------------
Update Information:

Update cacti and cacti-spine to version 1.2.25.  This includes the upstream
fixes for many CVEs.
https://github.com/Cacti/cacti/releases/tag/release%2F1.2.25
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct  4 2023 Carl George <carlwgeorge@xxxxxxxxxxxxxxxxx> - 1.2.25-1
- Update to version 1.2.25
* Wed Jul 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.2.23-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Jan 18 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.2.23-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2237580 - CVE-2023-39514 cacti: Cross-Site Scripting vulnerability with Data Source Name when managing Graphs [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237580
  [ 2 ] Bug #2237581 - CVE-2023-39513 cacti: Cross-Site Scripting vulnerability with Device Name when debugging data queries [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237581
  [ 3 ] Bug #2237586 - CVE-2023-39515 cacti: Cross-Site Scripting vulnerability with Data Source Name when debugging Data Queries [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237586
  [ 4 ] Bug #2237589 - CVE-2023-39359 cacti: Authenticated SQL injection vulnerability when managing graphs [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237589
  [ 5 ] Bug #2237591 - CVE-2023-39360 cacti: Cross-Site Scripting vulnerability when creating new graphs [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237591
  [ 6 ] Bug #2237596 - CVE-2023-39361 cacti: Unauthenticated SQL Injection when viewing graphs [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237596
  [ 7 ] Bug #2237599 - CVE-2023-39366 cacti: Cross-Site Scripting vulnerability with Device Name when managing Data Sources [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237599
  [ 8 ] Bug #2237602 - CVE-2023-39510 cacti: Cross-Site Scripting vulnerability with Device Name when administrating Reports [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237602
  [ 9 ] Bug #2237605 - CVE-2023-39357 cacti: SQL Injection when saving data with sql_save() [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237605
  [ 10 ] Bug #2237608 - CVE-2023-39358 cacti: Authenticated SQL injection vulnerability when managing reports [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237608
  [ 11 ] Bug #2237612 - CVE-2023-39364 cacti: Open redirect in change password functionality [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237612
  [ 12 ] Bug #2237614 - CVE-2023-39365 cacti: SQL Injection when using regular expressions [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237614
  [ 13 ] Bug #2237617 - CVE-2023-30534 cacti: Insecure deserialization of filter data [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237617
  [ 14 ] Bug #2237620 - CVE-2023-31132 cacti: Privilege escalation when Cacti installed using Windows Installer defaults [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237620
  [ 15 ] Bug #2237623 - CVE-2023-39362 cacti: Authenticated command injection when using SNMP options [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237623
  [ 16 ] Bug #2237626 - CVE-2023-39516 cacti: Cross-Site Scripting vulnerability with Data Source Information when managing Data Sources [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237626
  [ 17 ] Bug #2237818 - CVE-2023-39511 cacti: Cross-Site Scripting vulnerability with Device Name when editing Graphs whilst managing Reports [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2237818
  [ 18 ] Bug #2242048 - CVE-2023-39512 cacti: Cross-Site Scripting vulnerability with Device Name when managing Data Sources [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2242048
--------------------------------------------------------------------------------


================================================================================
 munin-2.0.74-1.el7 (FEDORA-EPEL-2023-71269dae43)
 Network-wide resource monitoring tool
--------------------------------------------------------------------------------
Update Information:

Upstream update to 2.0.74.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct  4 2023 Kim B. Heino <b@xxxxxxxx> - 2.0.74-1
- Upgrade to 2.0.74
* Thu Jul 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.0.73-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 partclone-0.3.27-1.el7 (FEDORA-EPEL-2023-bbe6bc61e4)
 Utility to clone and restore a partition
--------------------------------------------------------------------------------
Update Information:

# partclone v0.3.27

- Update docs
- Add read-direct-io and write-direct-op options for `O_DIRECT` flag
- Add date time to log file
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct  4 2023 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 0.3.27-1
- Upgrade to 0.3.27 (#2242163)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2242163 - partclone-0.3.27 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2242163
--------------------------------------------------------------------------------


================================================================================
 rpki-client-8.6-1.el7 (FEDORA-EPEL-2023-8c1d851d38)
 OpenBSD RPKI validator to support BGP Origin Validation
--------------------------------------------------------------------------------
Update Information:

# rpki-client 8.6

- A compliance check was added to ensure the X.509 Subject only contains
  `commonName` and optionally `serialNumber`.
- A compliance check was added to ensure the CMS SignedData and SignerInfo
  versions to be 3.
- Fisher-Yates shuffle the order in which Manifest entries are processed.
  Previously, work items were enqueued in the order the CA intended them to
  appear on a Manifest. However, there is no obvious benefit to third parties
  deciding the order in which things are processed. Now the Manifest ordering
  is randomized (as the order has no meaning anyway), and the number of
  concurrent repository synchronization operations is limited & timeboxed.
- Various refactoring work.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct  4 2023 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 8.6-1
- Upgrade to 8.6 (#2242194)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2242194 - rpki-client-8.6 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2242194
--------------------------------------------------------------------------------


================================================================================
 rs-20200313-4.el7 (FEDORA-EPEL-2023-73640dec77)
 Reshape a data array
--------------------------------------------------------------------------------
Update Information:

rs reads the standard input, interpreting each line as a row of blank-separated
entries in an array, transforms the array according to the options, and writes
it on the standard output. Numerous options control input, reshaping and output
processing; the simplest usage example is `ls -1 | rs`, which outputs the same
(on an 80-column terminal) as the modern `ls` with no `-1` argument.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 22 2023 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 20200313-4
- Justify workarounds for Red Hat Enterprise Linux 7 (#2110814 #c3)
* Sat Sep 17 2022 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 20200313-3
- Update license to SPDX expression
* Wed Jul 27 2022 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 20200313-2
- Support for Red Hat Enterprise Linux 7 (thanks to Thorsten Glaser)
* Tue Jul 26 2022 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 20200313-1
- Update to 20200313 (#2110814)
- Initial spec file for Fedora and Red Hat Enterprise Linux
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2110814 - Review Request: rs - Reshape a data array
        https://bugzilla.redhat.com/show_bug.cgi?id=2110814
--------------------------------------------------------------------------------


================================================================================
 trafficserver-9.2.2-2.el7 (FEDORA-EPEL-2023-a08f6a3e19)
 Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server
--------------------------------------------------------------------------------
Update Information:

Use OpenSSL 1.1.x from EPEL on EL7 to enable TLSv1.3 and enable Chrome 117+
workaround
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct  4 2023 Jered Floyd <jered@xxxxxxxxxx> 9.2.2-2
- Use OpenSSL 1.1.x from EPEL on RHEL 7 to fix Chrome 117+ bugs
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue



