The following Fedora EPEL 9 Security updates need testing: Age URL 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-1c3e19a13a radare2-5.8.8-2.el9 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-27fd009f63 optipng-0.7.8-1.el9 The following builds have been pushed to Fedora EPEL 9 updates-testing afflib-3.7.20-1.el9 chromium-119.0.6045.105-1.el9 gpaw-23.9.1-1.el9 libre-3.6.1-1.el9 libsocketcan-0.0.12-3.el9 munin-2.0.75-1.el9 php-pear-Net-SMTP-1.11.1-1.el9 python-hatch-vcs-0.4.0-1.el9 resalloc-5.1-1.el9 roundcubemail-1.5.6-1.el9 rust-blocking-1.4.1-1.el9 rust-h3-0.0.2-1.el9 rust-h3-quinn-0.0.3-1.el9 rust-piper-0.2.1-1.el9 rust-quinn-0.10.2-1.el9 rust-quinn-proto-0.10.5-1.el9 rust-quinn-udp-0.4.1-1.el9 rust-reqwest-0.11.22-3.el9 rust-rstest_reuse-0.6.0-1.el9 Details about builds: ================================================================================ afflib-3.7.20-1.el9 (FEDORA-EPEL-2023-beb8fef8ac) Library to support the Advanced Forensic Format -------------------------------------------------------------------------------- Update Information: bugfix release -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 4 2023 Michal Ambroz <rebus _AT seznam.cz> - 3.7.20-1 - bump to version 3.7.20 * Wed Jul 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.7.19-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Tue Jun 13 2023 Python Maint <python-maint@xxxxxxxxxx> - 3.7.19-10 - Rebuilt for Python 3.12 * Wed Jan 18 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.7.19-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Wed Jul 20 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.7.19-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Mon Jun 13 2022 Python Maint <python-maint@xxxxxxxxxx> - 3.7.19-7 - Rebuilt for Python 3.11 -------------------------------------------------------------------------------- ================================================================================ chromium-119.0.6045.105-1.el9 (FEDORA-EPEL-2023-14c0898d9a) A WebKit (Blink) powered web browser that Google doesn't want you to use -------------------------------------------------------------------------------- Update Information: update to 119.0.6045.105. Security fixes: High CVE-2023-5480: Inappropriate implementation in Payments. High CVE-2023-5482: Insufficient data validation in USB. High CVE-2023-5849: Integer overflow in USB. Medium CVE-2023-5850: Incorrect security UI in Downloads. Medium CVE-2023-5851: Inappropriate implementation in Downloads. Medium CVE-2023-5852: Use after free in Printing. Medium CVE-2023-5853: Incorrect security UI in Downloads. Medium CVE-2023-5854: Use after free in Profiles. Medium CVE-2023-5855: Use after free in Reading Mode. Medium CVE-2023-5856: Use after free in Side Panel. Medium CVE-2023-5857: Inappropriate implementation in Downloads. Low CVE-2023-5858: Inappropriate implementation in WebApp Provider. Low CVE-2023-5859: Incorrect security UI in Picture In Picture. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 1 2023 Than Ngo <than@xxxxxxxxxx> - 119.0.6045.105-1 - update to 119.0.6045.105 * Fri Oct 27 2023 Than Ngo <than@xxxxxxxxxx> - 119.0.6045.59-1 - update 119.0.6045.59 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2247403 - CVE-2023-5480 chromium: chromium-browser: Inappropriate implementation in Payments [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247403 [ 2 ] Bug #2247404 - CVE-2023-5480 chromium: chromium-browser: Inappropriate implementation in Payments [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247404 [ 3 ] Bug #2247405 - CVE-2023-5482 chromium: chromium-browser: Insufficient data validation in USB [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247405 [ 4 ] Bug #2247406 - CVE-2023-5482 chromium: chromium-browser: Insufficient data validation in USB [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247406 [ 5 ] Bug #2247408 - CVE-2023-5849 chromium: chromium-browser: Integer overflow in USB [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247408 [ 6 ] Bug #2247409 - CVE-2023-5849 chromium: chromium-browser: Integer overflow in USB [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247409 [ 7 ] Bug #2247410 - CVE-2023-5850 chromium: chromium-browser: Incorrect security UI in Downloads [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247410 [ 8 ] Bug #2247411 - CVE-2023-5850 chromium: chromium-browser: Incorrect security UI in Downloads [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247411 [ 9 ] Bug #2247412 - CVE-2023-5851 chromium: chromium-browser: Inappropriate implementation in Downloads [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247412 [ 10 ] Bug #2247413 - CVE-2023-5851 chromium: chromium-browser: Inappropriate implementation in Downloads [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247413 [ 11 ] Bug #2247414 - CVE-2023-5852 chromium: chromium-browser: Use after free in Printing [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247414 [ 12 ] Bug #2247415 - CVE-2023-5852 chromium: chromium-browser: Use after free in Printing [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247415 [ 13 ] Bug #2247416 - CVE-2023-5853 chromium: chromium-browser: Incorrect security UI in Downloads [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247416 [ 14 ] Bug #2247417 - CVE-2023-5853 chromium: chromium-browser: Incorrect security UI in Downloads [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247417 [ 15 ] Bug #2247418 - CVE-2023-5854 chromium: chromium-browser: Use after free in Profiles [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247418 [ 16 ] Bug #2247419 - CVE-2023-5855 chromium: chromium-browser: Use after free in Reading Mode [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247419 [ 17 ] Bug #2247420 - CVE-2023-5854 chromium: chromium-browser: Use after free in Profiles [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247420 [ 18 ] Bug #2247421 - CVE-2023-5855 chromium: chromium-browser: Use after free in Reading Mode [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247421 [ 19 ] Bug #2247422 - CVE-2023-5856 chromium: chromium-browser: Use after free in Side Panel [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247422 [ 20 ] Bug #2247423 - CVE-2023-5856 chromium: chromium-browser: Use after free in Side Panel [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247423 [ 21 ] Bug #2247424 - CVE-2023-5858 chromium: chromium-browser: Inappropriate implementation in WebApp Provider [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247424 [ 22 ] Bug #2247425 - CVE-2023-5859 chromium: chromium-browser: Incorrect security UI in Picture In Picture [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247425 [ 23 ] Bug #2247426 - CVE-2023-5858 chromium: chromium-browser: Inappropriate implementation in WebApp Provider [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247426 [ 24 ] Bug #2247429 - CVE-2023-5857 chromium: chromium-browser: Inappropriate implementation in Downloads [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247429 [ 25 ] Bug #2247430 - CVE-2023-5857 chromium: chromium-browser: Inappropriate implementation in Downloads [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247430 -------------------------------------------------------------------------------- ================================================================================ gpaw-23.9.1-1.el9 (FEDORA-EPEL-2023-4877a73e46) A grid-based real-space PAW method DFT code -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 3 2023 Marcin Dulak <marcindulak@xxxxxxxxxxxxxxxxx> - 23.9.1-1 - New upstream release * Thu Jul 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 23.6.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Wed Jun 28 2023 Python Maint <python-maint@xxxxxxxxxx> - 23.6.0-2 - Rebuilt for Python 3.12 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2238750 - gpaw-23.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=2238750 -------------------------------------------------------------------------------- ================================================================================ libre-3.6.1-1.el9 (FEDORA-EPEL-2023-173258c266) Generic library for real-time communications -------------------------------------------------------------------------------- Update Information: # libre v3.6.1 (2023-11-03) * ice: `AI_V4MAPPED` doesn't exist on OpenBSD * dialog: REVERT fix rtags of forking `INVITE` with 100rel -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 5 2023 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 3.6.1-1 - Upgrade to 3.6.1 (#2247959) * Sun Oct 29 2023 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 3.6.0-1 - Upgrade to 3.6.0 (#2244979) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2247959 - libre-3.6.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2247959 -------------------------------------------------------------------------------- ================================================================================ libsocketcan-0.0.12-3.el9 (FEDORA-EPEL-2023-e50244ad21) Library for SocketCAN -------------------------------------------------------------------------------- Update Information: Initial packaging. -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 5 2023 Vasiliy Glazov <vascom2@xxxxxxxxx> - 0.0.12-3 - Update spec * Thu Nov 2 2023 Vasiliy Glazov <vascom2@xxxxxxxxx> - 0.0.12-2 - Added BR gcc - Removed patch * Mon Oct 30 2023 Vasiliy Glazov <vascom2@xxxxxxxxx> - 0.0.12-1 - Initial packaging for Fedora -------------------------------------------------------------------------------- ================================================================================ munin-2.0.75-1.el9 (FEDORA-EPEL-2023-b54f9104ed) Network-wide resource monitoring tool -------------------------------------------------------------------------------- Update Information: Upstream update to 2.0.75. -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 6 2023 Kim B. Heino <b@xxxxxxxx> - 2.0.75-1 - Upgrade to 2.0.75 -------------------------------------------------------------------------------- ================================================================================ php-pear-Net-SMTP-1.11.1-1.el9 (FEDORA-EPEL-2023-77aa94bf20) Provides an implementation of the SMTP protocol -------------------------------------------------------------------------------- Update Information: **Version 1.11.1** Changelog: * BugFix: Triggering deprecation warnings in error-log causes system failures because of changing the behavior in error reporting (#76) -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 6 2023 Remi Collet <remi@xxxxxxxxxxxx> 1.11.1-1 - update to 1.11.1 -------------------------------------------------------------------------------- ================================================================================ python-hatch-vcs-0.4.0-1.el9 (FEDORA-EPEL-2023-1adffaaf0e) Hatch plugin for versioning with your preferred VCS -------------------------------------------------------------------------------- Update Information: ## 0.4.0 - 2023-11-06 ***Changed:*** - Drop support for Python 3.7 ***Added:*** - Officially support Python 3.12 ***Fixed:*** - Prevent `UserWarning` when a template is not defined explicitly -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 6 2023 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 0.4.0-1 - Update to 0.4.0 (close RHBZ#2248106) * Mon Nov 6 2023 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 0.3.0-2 - Use new (rpm 4.17.1+) bcond style -------------------------------------------------------------------------------- References: [ 1 ] Bug #2248106 - python-hatch-vcs-0.4.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2248106 -------------------------------------------------------------------------------- ================================================================================ resalloc-5.1-1.el9 (FEDORA-EPEL-2023-a7421388d2) Resource allocator for expensive resources - client tooling -------------------------------------------------------------------------------- Update Information: new upstream release https://github.com/praiskup/resalloc/releases/tag/v5.1 -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 6 2023 Pavel Raiskup <praiskup@xxxxxxxxxx> - 5.1-1 - new upstream release https://github.com/praiskup/resalloc/releases/tag/v5.1 -------------------------------------------------------------------------------- ================================================================================ roundcubemail-1.5.6-1.el9 (FEDORA-EPEL-2023-ffe5c0ac79) Round Cube Webmail is a browser-based multilingual IMAP client -------------------------------------------------------------------------------- Update Information: **Release 1.5.6** - Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 6 2023 Remi Collet <remi@xxxxxxxxxxxx> - 1.5.6-1 - update to 1.5.6 -------------------------------------------------------------------------------- ================================================================================ rust-blocking-1.4.1-1.el9 (FEDORA-EPEL-2023-fa1c99cbc3) Thread pool for isolating blocking I/O in async programs -------------------------------------------------------------------------------- Update Information: - Update the blocking crate to version 1.4.1. - Unretire the package for the piper crate and update it to version 0.2.1. -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 6 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 1.4.1-1 - Update to version 1.4.1 * Fri Jul 21 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.3.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-h3-0.0.2-1.el9 (FEDORA-EPEL-2023-5befe263ab) Async HTTP/3 implementation -------------------------------------------------------------------------------- Update Information: - Enable QUIC / HTTP/3 and Rustls support in the package for the reqwest crate. - Initial packaging of the h3, h3-quinn, quinn, quinn-proto, and quinn-udp crates. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 30 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.0.2-1 - Initial import (#2246720) -------------------------------------------------------------------------------- ================================================================================ rust-h3-quinn-0.0.3-1.el9 (FEDORA-EPEL-2023-5befe263ab) QUIC transport implementation based on Quinn -------------------------------------------------------------------------------- Update Information: - Enable QUIC / HTTP/3 and Rustls support in the package for the reqwest crate. - Initial packaging of the h3, h3-quinn, quinn, quinn-proto, and quinn-udp crates. -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 6 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.0.3-1 - Initial import (#2246724) -------------------------------------------------------------------------------- ================================================================================ rust-piper-0.2.1-1.el9 (FEDORA-EPEL-2023-fa1c99cbc3) Async pipes, channels, mutexes, and more -------------------------------------------------------------------------------- Update Information: - Update the blocking crate to version 1.4.1. - Unretire the package for the piper crate and update it to version 0.2.1. -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 6 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.2.1-1 - Update to version 0.2.1 * Sat Jul 23 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.1.3-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Fri Jan 21 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.1.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-quinn-0.10.2-1.el9 (FEDORA-EPEL-2023-5befe263ab) Versatile QUIC transport protocol implementation -------------------------------------------------------------------------------- Update Information: - Enable QUIC / HTTP/3 and Rustls support in the package for the reqwest crate. - Initial packaging of the h3, h3-quinn, quinn, quinn-proto, and quinn-udp crates. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 31 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.10.2-1 - Initial import (#2246723) -------------------------------------------------------------------------------- ================================================================================ rust-quinn-proto-0.10.5-1.el9 (FEDORA-EPEL-2023-5befe263ab) State machine for the QUIC transport protocol -------------------------------------------------------------------------------- Update Information: - Enable QUIC / HTTP/3 and Rustls support in the package for the reqwest crate. - Initial packaging of the h3, h3-quinn, quinn, quinn-proto, and quinn-udp crates. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 30 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.10.5-1 - Initial import (#2246722) -------------------------------------------------------------------------------- ================================================================================ rust-quinn-udp-0.4.1-1.el9 (FEDORA-EPEL-2023-5befe263ab) UDP sockets with ECN information for the QUIC transport protocol -------------------------------------------------------------------------------- Update Information: - Enable QUIC / HTTP/3 and Rustls support in the package for the reqwest crate. - Initial packaging of the h3, h3-quinn, quinn, quinn-proto, and quinn-udp crates. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 30 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.4.1-1 - Initial import (#2246721) -------------------------------------------------------------------------------- ================================================================================ rust-reqwest-0.11.22-3.el9 (FEDORA-EPEL-2023-5befe263ab) Higher level HTTP client library -------------------------------------------------------------------------------- Update Information: - Enable QUIC / HTTP/3 and Rustls support in the package for the reqwest crate. - Initial packaging of the h3, h3-quinn, quinn, quinn-proto, and quinn-udp crates. -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 6 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.11.22-3 - Enable features for HTTP/3 (QUIC) support * Sat Oct 28 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.11.22-2 - Enable features for Rustls support -------------------------------------------------------------------------------- ================================================================================ rust-rstest_reuse-0.6.0-1.el9 (FEDORA-EPEL-2023-0cbc2527b7) Reusable test attributes for rstest -------------------------------------------------------------------------------- Update Information: Initial packaging of the rstest_reuse crate. -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 6 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.6.0-1 - Initial import (#2247854) -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
