The following Fedora EPEL 9 Security updates need testing: Age URL 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-c9409db037 audiofile-0.3.6-36.el9 The following builds have been pushed to Fedora EPEL 9 updates-testing aml-0.3.0-2.el9 chromium-119.0.6045.159-1.el9 neatvnc-0.7.1-1.el9 puppet-7.27.0-1.el9 rust-ecdsa-0.16.9-1.el9 rust-openssl-0.10.59-1.el9 rust-openssl-sys-0.9.95-1.el9 rust-rust_decimal-1.33.1-1.el9 wayvnc-0.7.2-1.el9 Details about builds: ================================================================================ aml-0.3.0-2.el9 (FEDORA-EPEL-2023-5165cca204) Another Main Loop -------------------------------------------------------------------------------- Update Information: Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.3.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Tue Jan 31 2023 Bob Hepple <bob.hepple@xxxxxxxxx> - 0.3.0-1 - new version * Wed Jan 18 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.2.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Wed Jul 20 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.2.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Sun Jul 10 2022 Bob Hepple <bob.hepple@xxxxxxxxx> - 0.2.2-1 - new version * Wed Jan 19 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.2.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Wed Jul 21 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.2.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2250080 - Please branch and build WayVNC in EPEL 9 and EPEL 8 if possible https://bugzilla.redhat.com/show_bug.cgi?id=2250080 -------------------------------------------------------------------------------- ================================================================================ chromium-119.0.6045.159-1.el9 (FEDORA-EPEL-2023-03f6b44faf) A WebKit (Blink) powered web browser that Google doesn't want you to use -------------------------------------------------------------------------------- Update Information: update to 119.0.6045.159, upstream security release - High CVE-2023-5997, use after free in Garbage Collection - High CVE-2023-6112, use after free in Navigation ---- update to 119.0.6045.123. Security fix for CVE-2023-5996 ---- update to 119.0.6045.105. Security fixes: High CVE-2023-5480: Inappropriate implementation in Payments. High CVE-2023-5482: Insufficient data validation in USB. High CVE-2023-5849: Integer overflow in USB. Medium CVE-2023-5850: Incorrect security UI in Downloads. Medium CVE-2023-5851: Inappropriate implementation in Downloads. Medium CVE-2023-5852: Use after free in Printing. Medium CVE-2023-5853: Incorrect security UI in Downloads. Medium CVE-2023-5854: Use after free in Profiles. Medium CVE-2023-5855: Use after free in Reading Mode. Medium CVE-2023-5856: Use after free in Side Panel. Medium CVE-2023-5857: Inappropriate implementation in Downloads. Low CVE-2023-5858: Inappropriate implementation in WebApp Provider. Low CVE-2023-5859: Incorrect security UI in Picture In Picture. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 15 2023 Than Ngo <than@xxxxxxxxxx> - 119.0.6045.159-1 - update to 119.0.6045.159, upstream security release High CVE-2023-5997, use after free in Garbage Collection High CVE-2023-6112, use after free in Navigation - add Requires/Conflicts for ABI break in fmpeg-free 6.0.1 - drop first_dts patch, reintroduce first_dts patch in ffmpeg-free-6.0.1 - fixed python3 syntaxWarning: invalid escape sequenc - skip clang's patches for epel8 that now gets clang-16 update * Mon Nov 13 2023 Than Ngo <than@xxxxxxxxxx> - 119.0.6045.123-2 - fixed bz#2240127, Some h.264 mp4s do not play * Wed Nov 8 2023 Than Ngo <than@xxxxxxxxxx> - 119.0.6045.123-1 - update to 119.0.6045.123, include following security fixes: high CVE-2023-5996: Use after free in WebAudio * Tue Nov 7 2023 Than Ngo <than@xxxxxxxxxx> - 119.0.6045.105-2 - enable debuginfo * Wed Nov 1 2023 Than Ngo <than@xxxxxxxxxx> - 119.0.6045.105-1 - update to 119.0.6045.105 * Fri Oct 27 2023 Than Ngo <than@xxxxxxxxxx> - 119.0.6045.59-1 - update 119.0.6045.59 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2247403 - CVE-2023-5480 chromium: chromium-browser: Inappropriate implementation in Payments [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247403 [ 2 ] Bug #2247404 - CVE-2023-5480 chromium: chromium-browser: Inappropriate implementation in Payments [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247404 [ 3 ] Bug #2247405 - CVE-2023-5482 chromium: chromium-browser: Insufficient data validation in USB [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247405 [ 4 ] Bug #2247406 - CVE-2023-5482 chromium: chromium-browser: Insufficient data validation in USB [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247406 [ 5 ] Bug #2247408 - CVE-2023-5849 chromium: chromium-browser: Integer overflow in USB [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247408 [ 6 ] Bug #2247409 - CVE-2023-5849 chromium: chromium-browser: Integer overflow in USB [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247409 [ 7 ] Bug #2247410 - CVE-2023-5850 chromium: chromium-browser: Incorrect security UI in Downloads [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247410 [ 8 ] Bug #2247411 - CVE-2023-5850 chromium: chromium-browser: Incorrect security UI in Downloads [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247411 [ 9 ] Bug #2247412 - CVE-2023-5851 chromium: chromium-browser: Inappropriate implementation in Downloads [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247412 [ 10 ] Bug #2247413 - CVE-2023-5851 chromium: chromium-browser: Inappropriate implementation in Downloads [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247413 [ 11 ] Bug #2247414 - CVE-2023-5852 chromium: chromium-browser: Use after free in Printing [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247414 [ 12 ] Bug #2247415 - CVE-2023-5852 chromium: chromium-browser: Use after free in Printing [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247415 [ 13 ] Bug #2247416 - CVE-2023-5853 chromium: chromium-browser: Incorrect security UI in Downloads [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247416 [ 14 ] Bug #2247417 - CVE-2023-5853 chromium: chromium-browser: Incorrect security UI in Downloads [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247417 [ 15 ] Bug #2247418 - CVE-2023-5854 chromium: chromium-browser: Use after free in Profiles [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247418 [ 16 ] Bug #2247419 - CVE-2023-5855 chromium: chromium-browser: Use after free in Reading Mode [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247419 [ 17 ] Bug #2247420 - CVE-2023-5854 chromium: chromium-browser: Use after free in Profiles [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247420 [ 18 ] Bug #2247421 - CVE-2023-5855 chromium: chromium-browser: Use after free in Reading Mode [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247421 [ 19 ] Bug #2247422 - CVE-2023-5856 chromium: chromium-browser: Use after free in Side Panel [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247422 [ 20 ] Bug #2247423 - CVE-2023-5856 chromium: chromium-browser: Use after free in Side Panel [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247423 [ 21 ] Bug #2247424 - CVE-2023-5858 chromium: chromium-browser: Inappropriate implementation in WebApp Provider [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247424 [ 22 ] Bug #2247425 - CVE-2023-5859 chromium: chromium-browser: Incorrect security UI in Picture In Picture [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247425 [ 23 ] Bug #2247426 - CVE-2023-5858 chromium: chromium-browser: Inappropriate implementation in WebApp Provider [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247426 [ 24 ] Bug #2247429 - CVE-2023-5857 chromium: chromium-browser: Inappropriate implementation in Downloads [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247429 [ 25 ] Bug #2247430 - CVE-2023-5857 chromium: chromium-browser: Inappropriate implementation in Downloads [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247430 -------------------------------------------------------------------------------- ================================================================================ neatvnc-0.7.1-1.el9 (FEDORA-EPEL-2023-69d9d55e23) a liberally licensed VNC server library -------------------------------------------------------------------------------- Update Information: new version -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 5 2023 Bob Hepple <bob.hepple@xxxxxxxxx> - 0.7.1-1 - new version * Fri Oct 6 2023 Bob Hepple <bob.hepple@xxxxxxxxx> - 0.7.0-1 - new version * Thu Jul 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.6.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Sun Mar 12 2023 Neal Gompa <ngompa@xxxxxxxxxxxxxxxxx> - 0.6.0-2 - Rebuild for ffmpeg 6.0 * Tue Jan 31 2023 Bob Hepple <bob.hepple@xxxxxxxxx> - 0.6.0-1 - new version * Thu Jan 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Mon Sep 12 2022 Bob Hepple <bob.hepple@xxxxxxxxx> - 0.5.4-1 - new version * Mon Aug 29 2022 Neal Gompa <ngompa@xxxxxxxxxxxxxxxxx> - 0.5.1-3 - Rebuild for ffmpeg 5.1 (#2121070) * Fri Jul 22 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Sun Jul 10 2022 Bob Hepple <bob.hepple@xxxxxxxxx> - 0.5.1-1 - new version * Thu Jan 20 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.4.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2250080 - Please branch and build WayVNC in EPEL 9 and EPEL 8 if possible https://bugzilla.redhat.com/show_bug.cgi?id=2250080 -------------------------------------------------------------------------------- ================================================================================ puppet-7.27.0-1.el9 (FEDORA-EPEL-2023-4b89fba958) Network tool for managing many disparate systems -------------------------------------------------------------------------------- Update Information: Update to 7.27.0 -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 17 2023 Ewoud Kohl van Wijngaarden <ewoud@xxxxxxxxxxxxxxxxxxxxx> - 7.27.0-1 - Update to 7.27.0 * Thu Jun 8 2023 Breno Brand Fernandes <brandfbb@xxxxxxxxx> - 7.24.0-1 - Build 7.24.0 * Fri Jan 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 7.21.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Sat Dec 17 2022 Ewoud Kohl van Wijngaarden <ewoud@xxxxxxxxxxxxxxxxxxxxx> - 7.21.0-1 - Update to 7.21.0 (fixes rhbz#2151953) -------------------------------------------------------------------------------- ================================================================================ rust-ecdsa-0.16.9-1.el9 (FEDORA-EPEL-2023-5855e0c5b1) Pure Rust implementation of the Elliptic Curve Digital Signature Algorithm -------------------------------------------------------------------------------- Update Information: Update to version 0.16.9. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 17 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.16.9-1 - Update to version 0.16.9; Fixes RHBZ#2250112 -------------------------------------------------------------------------------- ================================================================================ rust-openssl-0.10.59-1.el9 (FEDORA-EPEL-2023-55730f165e) OpenSSL bindings -------------------------------------------------------------------------------- Update Information: - Update the openssl crate to version 0.10.59. - Update the openssl-sys crate to version 0.9.95. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 17 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.10.59-1 - Update to version 0.10.59; Fixes RHBZ#2247539 -------------------------------------------------------------------------------- ================================================================================ rust-openssl-sys-0.9.95-1.el9 (FEDORA-EPEL-2023-55730f165e) FFI bindings to OpenSSL -------------------------------------------------------------------------------- Update Information: - Update the openssl crate to version 0.10.59. - Update the openssl-sys crate to version 0.9.95. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 17 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.9.95-1 - Update to version 0.9.95; Fixes RHBZ#2247540 -------------------------------------------------------------------------------- ================================================================================ rust-rust_decimal-1.33.1-1.el9 (FEDORA-EPEL-2023-c9ae129463) Decimal number implementation written in pure Rust -------------------------------------------------------------------------------- Update Information: Update to version 1.33.1. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 17 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 1.33.1-1 - Update to version 1.33.1; Fixes RHBZ#2249575 -------------------------------------------------------------------------------- ================================================================================ wayvnc-0.7.2-1.el9 (FEDORA-EPEL-2023-882015ce7a) A VNC server for wlroots based Wayland compositors -------------------------------------------------------------------------------- Update Information: new version -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 5 2023 Bob Hepple <bob.hepple@xxxxxxxxx> - 0.7.2-1 - new version * Sat Oct 7 2023 Bob Hepple <bob.hepple@xxxxxxxxx> - 0.7.1-1 - new version * Sat Jul 22 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.6.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Tue Jan 31 2023 Bob Hepple <bob.hepple@xxxxxxxxx> - 0.6.2-2 - add versioning for aml & neatvnc * Tue Jan 31 2023 Bob Hepple <bob.hepple@xxxxxxxxx> - 0.6.2-1 - new version * Sat Jan 21 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Sat Jul 23 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Sun Jul 10 2022 Bob Hepple <bob.hepple@xxxxxxxxx> - 0.5.0-1 - new version * Fri Dec 17 2021 Bob Hepple <bob.hepple@xxxxxxxxx> - 0.4.1-1 - new version -------------------------------------------------------------------------------- References: [ 1 ] Bug #2250080 - Please branch and build WayVNC in EPEL 9 and EPEL 8 if possible https://bugzilla.redhat.com/show_bug.cgi?id=2250080 -------------------------------------------------------------------------------- -- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
