Fedora EPEL 9 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The following Fedora EPEL 9 Security updates need testing:
 Age  URL
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-c9409db037   audiofile-0.3.6-36.el9


The following builds have been pushed to Fedora EPEL 9 updates-testing

    chromium-119.0.6045.159-2.el9
    ndisc6-1.0.7-3.el9
    packit-0.86.2-1.el9
    python-specfile-0.25.0-1.el9
    python3-rpm-4.16.1.3-25.1.el9
    qbittorrent-4.6.0-1.el9
    rb_libtorrent-2.0.9-3.el9

Details about builds:


================================================================================
 chromium-119.0.6045.159-2.el9 (FEDORA-EPEL-2023-03f6b44faf)
 A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:

update to 119.0.6045.159, upstream security release  - High CVE-2023-5997, use
after free in Garbage Collection - High CVE-2023-6112, use after free in
Navigation    ----  update to 119.0.6045.123. Security fix for  CVE-2023-5996
----  update to 119.0.6045.105. Security fixes:      High CVE-2023-5480:
Inappropriate implementation in Payments.     High CVE-2023-5482: Insufficient
data validation in USB.     High CVE-2023-5849: Integer overflow in USB.
Medium CVE-2023-5850: Incorrect security UI in Downloads.     Medium
CVE-2023-5851: Inappropriate implementation in Downloads.     Medium
CVE-2023-5852: Use after free in Printing.     Medium CVE-2023-5853: Incorrect
security UI in Downloads.     Medium CVE-2023-5854: Use after free in Profiles.
Medium CVE-2023-5855: Use after free in Reading Mode.     Medium CVE-2023-5856:
Use after free in Side Panel.     Medium CVE-2023-5857: Inappropriate
implementation in Downloads.     Low CVE-2023-5858: Inappropriate implementation
in WebApp Provider.     Low CVE-2023-5859: Incorrect security UI in Picture In
Picture.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Nov 19 2023 Than Ngo <than@xxxxxxxxxx> - 119.0.6045.159-2
- fix ffmpeg conflicts
* Wed Nov 15 2023 Than Ngo <than@xxxxxxxxxx> - 119.0.6045.159-1
- update to 119.0.6045.159, upstream security release
   High CVE-2023-5997, use after free in Garbage Collection
   High CVE-2023-6112, use after free in Navigation
- add Requires/Conflicts for ABI break in fmpeg-free 6.0.1
- drop first_dts patch, reintroduce first_dts patch in ffmpeg-free-6.0.1
- fixed python3 syntaxWarning: invalid escape sequenc
- skip clang's patches for epel8 that now gets clang-16 update
* Mon Nov 13 2023 Than Ngo <than@xxxxxxxxxx> - 119.0.6045.123-2
- fixed bz#2240127, Some h.264 mp4s do not play
* Wed Nov  8 2023 Than Ngo <than@xxxxxxxxxx> - 119.0.6045.123-1
- update to 119.0.6045.123, include following security fixes:
  high CVE-2023-5996: Use after free in WebAudio
* Tue Nov  7 2023 Than Ngo <than@xxxxxxxxxx> - 119.0.6045.105-2
- enable debuginfo
* Wed Nov  1 2023 Than Ngo <than@xxxxxxxxxx> - 119.0.6045.105-1
- update to 119.0.6045.105
* Fri Oct 27 2023 Than Ngo <than@xxxxxxxxxx> - 119.0.6045.59-1
- update 119.0.6045.59
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2247403 - CVE-2023-5480 chromium: chromium-browser: Inappropriate implementation in Payments [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2247403
  [ 2 ] Bug #2247404 - CVE-2023-5480 chromium: chromium-browser: Inappropriate implementation in Payments [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2247404
  [ 3 ] Bug #2247405 - CVE-2023-5482 chromium: chromium-browser: Insufficient data validation in USB [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2247405
  [ 4 ] Bug #2247406 - CVE-2023-5482 chromium: chromium-browser: Insufficient data validation in USB [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2247406
  [ 5 ] Bug #2247408 - CVE-2023-5849 chromium: chromium-browser: Integer overflow in USB [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2247408
  [ 6 ] Bug #2247409 - CVE-2023-5849 chromium: chromium-browser: Integer overflow in USB [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2247409
  [ 7 ] Bug #2247410 - CVE-2023-5850 chromium: chromium-browser: Incorrect security UI in Downloads [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2247410
  [ 8 ] Bug #2247411 - CVE-2023-5850 chromium: chromium-browser: Incorrect security UI in Downloads [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2247411
  [ 9 ] Bug #2247412 - CVE-2023-5851 chromium: chromium-browser: Inappropriate implementation in Downloads [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2247412
  [ 10 ] Bug #2247413 - CVE-2023-5851 chromium: chromium-browser: Inappropriate implementation in Downloads [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2247413
  [ 11 ] Bug #2247414 - CVE-2023-5852 chromium: chromium-browser: Use after free in Printing [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2247414
  [ 12 ] Bug #2247415 - CVE-2023-5852 chromium: chromium-browser: Use after free in Printing [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2247415
  [ 13 ] Bug #2247416 - CVE-2023-5853 chromium: chromium-browser: Incorrect security UI in Downloads [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2247416
  [ 14 ] Bug #2247417 - CVE-2023-5853 chromium: chromium-browser: Incorrect security UI in Downloads [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2247417
  [ 15 ] Bug #2247418 - CVE-2023-5854 chromium: chromium-browser: Use after free in Profiles [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2247418
  [ 16 ] Bug #2247419 - CVE-2023-5855 chromium: chromium-browser: Use after free in Reading Mode [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2247419
  [ 17 ] Bug #2247420 - CVE-2023-5854 chromium: chromium-browser: Use after free in Profiles [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2247420
  [ 18 ] Bug #2247421 - CVE-2023-5855 chromium: chromium-browser: Use after free in Reading Mode [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2247421
  [ 19 ] Bug #2247422 - CVE-2023-5856 chromium: chromium-browser: Use after free in Side Panel [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2247422
  [ 20 ] Bug #2247423 - CVE-2023-5856 chromium: chromium-browser: Use after free in Side Panel [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2247423
  [ 21 ] Bug #2247424 - CVE-2023-5858 chromium: chromium-browser: Inappropriate implementation in WebApp Provider [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2247424
  [ 22 ] Bug #2247425 - CVE-2023-5859 chromium: chromium-browser: Incorrect security UI in Picture In Picture [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2247425
  [ 23 ] Bug #2247426 - CVE-2023-5858 chromium: chromium-browser: Inappropriate implementation in WebApp Provider [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2247426
  [ 24 ] Bug #2247429 - CVE-2023-5857 chromium: chromium-browser: Inappropriate implementation in Downloads [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2247429
  [ 25 ] Bug #2247430 - CVE-2023-5857 chromium: chromium-browser: Inappropriate implementation in Downloads [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2247430
--------------------------------------------------------------------------------


================================================================================
 ndisc6-1.0.7-3.el9 (FEDORA-EPEL-2023-48b890eb85)
 IPv6 diagnostic tools
--------------------------------------------------------------------------------
Update Information:

EPEL9 build of ndisc6.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 20 2023 Dominik Mierzejewski <dominik@xxxxxxxxxxxxxx> - 1.0.7-3
- Switch to HTTPS URLs
- Enable tarball signature verification
- Drop unused patch
- Sort file list alphabetically
- Use SPDX identifiers in License: field
* Thu Jul 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jun  6 2023 Michele Baldessari <michele@xxxxxxxxxx> - 1.0.7-1
- New upstream
* Thu Jan 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Tue Aug 16 2022 Michele Baldessari <michele@xxxxxxxxxx> - 1.0.6-1
- New upstream
* Fri Jul 22 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Feb 25 2022 Michele Baldessari <michele@xxxxxxxxxx> - 1.0.5-1
- New upstream
* Thu Jan 20 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2097191 - [EPEL9] Please branch and build ndisc6 in epel9
        https://bugzilla.redhat.com/show_bug.cgi?id=2097191
--------------------------------------------------------------------------------


================================================================================
 packit-0.86.2-1.el9 (FEDORA-EPEL-2023-9ecc80d1d9)
 A tool for integrating upstream projects with Fedora operating system
--------------------------------------------------------------------------------
Update Information:

Automatic update for packit-0.86.2-1.el9.  ##### **Changelog for packit**  ``` *
Mon Nov 20 2023 Packit <hello@xxxxxxxxxx> - 0.86.2-1 - Packit _0.86.1_ was not
released on PyPI due to an internal bug, it should be fixed in this release. -
Resolves rhbz#2247071  ```
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 20 2023 Packit <hello@xxxxxxxxxx> - 0.86.2-1
- Packit _0.86.1_ was not released on PyPI due to an internal bug, it should be fixed in this release.
- Resolves rhbz#2247071
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2247071 - packit-0.86.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2247071
--------------------------------------------------------------------------------


================================================================================
 python-specfile-0.25.0-1.el9 (FEDORA-EPEL-2023-1c8bddb66a)
 A library for parsing and manipulating RPM spec files
--------------------------------------------------------------------------------
Update Information:

Automatic update for python-specfile-0.25.0-1.el9.  ##### **Changelog for
python-specfile**  ``` * Mon Nov 20 2023 Packit <hello@xxxxxxxxxx> - 0.25.0-1 -
There is a new method, `Specfile.update_version()`, that allows updating spec
file version even if it is a pre-release. (#317)  ```
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 20 2023 Packit <hello@xxxxxxxxxx> - 0.25.0-1
- There is a new method, `Specfile.update_version()`, that allows updating spec file version even if it is a pre-release. (#317)
--------------------------------------------------------------------------------


================================================================================
 python3-rpm-4.16.1.3-25.1.el9 (FEDORA-EPEL-2023-19e6f88b9b)
 Python 3.X packages with RPM bindings
--------------------------------------------------------------------------------
Update Information:

Sync with RHEL 9.3.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 30 2023 Florian Festi <ffesti@xxxxxxxxxx> - 4.16.1.3-25
- Followup on #2166383
- Add compat scripts calling external find-debug, sepdebugcrcfix and debugedit
- Add %__find_debuginfo macro
* Thu May  4 2023 Florian Festi <ffesti@xxxxxxxxxx> - 4.16.1.3-24
- Use external find-debug and debugedit (#2166383)
* Wed May  3 2023 Florian Festi <ffesti@xxxxxxxxxx> - 4.16.1.3-23
- Don't error out on IMA signatures on files not supporting them
  (#2157835, #2157836)
--------------------------------------------------------------------------------


================================================================================
 qbittorrent-4.6.0-1.el9 (FEDORA-EPEL-2023-606db71e76)
 A Bittorrent Client
--------------------------------------------------------------------------------
Update Information:

build for epel9
--------------------------------------------------------------------------------
ChangeLog:

* Sun Oct 22 2023 Leigh Scott <leigh123linux@xxxxxxxxx> - 1:4.6.0-1
- Update to 4.6.0
* Fri Jul 21 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1:4.5.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Mon Jun  5 2023 Leigh Scott <leigh123linux@xxxxxxxxx> - 1:4.5.3-1
- Update to 4.5.3
* Sat Mar  4 2023 Leigh Scott <leigh123linux@xxxxxxxxx> - 1:4.5.2-1
- Update to 4.5.2
* Mon Feb 13 2023 Leigh Scott <leigh123linux@xxxxxxxxx> - 1:4.5.1-1
- Update to 4.5.1
* Fri Jan 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1:4.5.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Nov 28 2022 Leigh Scott <leigh123linux@xxxxxxxxx> - 1:4.5.0-1
- Update to 4.5.0
- Use qt5 for f36+ due to broken qt6-qtbase-devel
* Tue Nov  1 2022 Leigh Scott <leigh123linux@xxxxxxxxx> - 1:4.4.5-1
- Update to 4.4.5
* Wed Aug 24 2022 Leigh Scott <leigh123linux@xxxxxxxxx> - 1:4.4.4-2
- Fix magnet tracker issue
* Wed Aug 24 2022 Leigh Scott <leigh123linux@xxxxxxxxx> - 1:4.4.4-1
- Update to 4.4.4
* Fri Jul 22 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1:4.4.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed May 25 2022 Leigh Scott <leigh123linux@xxxxxxxxx> - 1:4.4.3.1-1
- Update to 4.4.3.1
* Tue May 24 2022 Leigh Scott <leigh123linux@xxxxxxxxx> - 1:4.4.3-1
- Update to 4.4.3
* Sun Apr 24 2022 Leigh Scott <leigh123linux@xxxxxxxxx> - 1:4.4.2-2
- Add qtsvg requires
* Fri Mar 25 2022 Leigh Scott <leigh123linux@xxxxxxxxx> - 1:4.4.2-1
- Update to 4.4.2
* Thu Feb 17 2022 Leigh Scott <leigh123linux@xxxxxxxxx> - 1:4.4.1-1
- Update to 4.4.1
* Fri Jan 21 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1:4.4.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Mon Jan 10 2022 Leigh Scott <leigh123linux@xxxxxxxxx> - 1:4.4.0-2
- Use QT6 for F36 build
* Fri Jan  7 2022 Leigh Scott <leigh123linux@xxxxxxxxx> - 1:4.4.0-1
- Update to 4.4.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2172281 - Please branch and build qbittorrent in epel9
        https://bugzilla.redhat.com/show_bug.cgi?id=2172281
--------------------------------------------------------------------------------


================================================================================
 rb_libtorrent-2.0.9-3.el9 (FEDORA-EPEL-2023-b94d3c178d)
 A C++ BitTorrent library aiming to be the best alternative
--------------------------------------------------------------------------------
Update Information:

update to 2.0.9
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 21 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.0.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jun 15 2023 Python Maint <python-maint@xxxxxxxxxx> - 2.0.9-2
- Rebuilt for Python 3.12
* Fri May 26 2023 Leigh Scott <leigh123linux@xxxxxxxxx> - 2.0.9-1
- Upgrade to 2.0.9
--------------------------------------------------------------------------------

--
_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Fedora Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Announce]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Linux Apps]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux