The following Fedora EPEL 8 Security updates need testing:

 Age  URL
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-99a9054ad1   netatalk-3.1.18-1.el8
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-f2e087c62d   chromium-117.0.5938.149-1.el8
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-18e8d4f55b   mbedtls-2.28.5-1.el8

The following builds have been pushed to Fedora EPEL 8 updates-testing

    apptainer-1.2.4-1.el8
    gaupol-1.13-1.el8
    libcue-2.3.0-1.el8
    python-virt-firmware-23.10-2.el8
    trafficserver-9.2.3-1.el8

Details about builds:

================================================================================
 apptainer-1.2.4-1.el8 (FEDORA-EPEL-2023-a8bb8eef71)
 Application and environment virtualization formerly known as Singularity
--------------------------------------------------------------------------------
Update Information:

Update to upstream 1.2.4
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 11 2023 Dave Dykstra <dwd@xxxxxxxx> - 1.2.4
- Update to upstream 1.2.4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2243304 - apptainer-1.2.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2243304
--------------------------------------------------------------------------------

================================================================================
 gaupol-1.13-1.el8 (FEDORA-EPEL-2023-cbfe405dc2)
 Editor for text-based subtitle files
--------------------------------------------------------------------------------
Update Information:

Update Gaupol to 1.13.

## 2023-10-08: Gaupol 1.13

- Fix translations missing for enums
- Fix Python 3.12 compatibility and drop support for Python < 3.4
- Add Chinese (China) translation
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 11 2023 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 1.13-1
- Update to 1.13 (close RHBZ#2242996)
* Wed Oct 11 2023 Yaakov Selkowitz <yselkowi@xxxxxxxxxx> - 1.12-4
- Fix flatpak build
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2242996 - gaupol-1.13 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2242996
--------------------------------------------------------------------------------

================================================================================
 libcue-2.3.0-1.el8 (FEDORA-EPEL-2023-2b36013026)
 Cue sheet parser library
--------------------------------------------------------------------------------
Update Information:

This update provides a new release of libcue that includes the fix for a serious
security issue that could cause arbitrary code execution, tracked as
CVE-2023-43641. See [this write-up by Kevin Backhouse](https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/)
for details. Thanks to Kevin for discovering the issue and writing the fix. It
also includes another small bug fix.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 10 2023 Adam Williamson <awilliam@xxxxxxxxxx> - 2.3.0-1
- New release 2.3.0
- Drop merged patch
* Tue Oct 10 2023 Adam Williamson <awilliam@xxxxxxxxxx> - 2.2.1-13
- Fix CVE-2023-43641 (Kevin Backhouse)
* Thu Jul 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.2.1-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.2.1-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jul 21 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.2.1-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.2.1-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.2.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.2.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Aug  4 2020 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> - 2.2.1-6
- Work around CMake out-of-source builds on all branches (#1863986)
* Tue Jul 28 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.2.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 13 2020 Tom Stellard <tstellar@xxxxxxxxxx> - 2.2.1-4
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Wed Jan 29 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.2.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2243168 - CVE-2023-43641 libcue: a out-of-bounds array access leads to RCE [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2243168
--------------------------------------------------------------------------------

================================================================================
 python-virt-firmware-23.10-2.el8 (FEDORA-EPEL-2023-3e327fe8ec)
 Tools for virtual machine firmware volumes
--------------------------------------------------------------------------------
Update Information:

update to version 23.10
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 11 2023 Gerd Hoffmann <kraxel@xxxxxxxxxx> - 23.10-2
- add pe-inspect to filelist
* Wed Oct 11 2023 Gerd Hoffmann <kraxel@xxxxxxxxxx> - 23.10-1
- update to version 23.10
--------------------------------------------------------------------------------

================================================================================
 trafficserver-9.2.3-1.el8 (FEDORA-EPEL-2023-e2dd7ffa65)
 Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server
--------------------------------------------------------------------------------
Update Information:

Update to upstream 9.2.3
Resolves CVE-2023-44487, CVE-2023-41752, CVE-2023-39456
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 11 2023 Jered Floyd <jered@xxxxxxxxxx> 9.2.3-1
- Update to upstream 9.2.3
- Resolves CVE-2023-44487, CVE-2023-41752, CVE-2023-39456
* Wed Oct  4 2023 Jered Floyd <jered@xxxxxxxxxx> 9.2.2-2
- Use OpenSSL 1.1.x from EPEL on RHEL 7 to fix Chrome 117+ bugs
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2242988 - trafficserver-9.2.3-rc0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2242988
  [ 2 ] Bug #2243251 - [Major Incident] CVE-2023-44487 trafficserver: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2243251
  [ 3 ] Bug #2243252 - [Major Incident] CVE-2023-44487 trafficserver: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2243252
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue