The following Fedora EPEL 7 Security updates need testing: Age URL 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-7e5dc8aef7 chromium-119.0.6045.159-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing golang-1.20.10-3.el7 php-smarty-gettext-1.7.0-2.el7 Details about builds: ================================================================================ golang-1.20.10-3.el7 (FEDORA-EPEL-2023-1c906d04ee) The Go Programming Language -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2023-39320, CVE-2023-39318, CVE-2023-39321, CVE-2023-39322, CVE-2023-39323 -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 23 2023 Dave Dykstra <dwd@xxxxxxxxxxxxxxxxx> - 1.20.10-3 - Skip ppc64le_cgo_inline_plt test which is failing on el7. * Thu Nov 23 2023 Dave Dykstra <dwd@xxxxxxxxxxxxxxxxx> - 1.20.10-2 - Rebuild to correct day of week on 1.19.13 changelog. * Thu Nov 23 2023 Dave Dykstra <dwd@xxxxxxxxxxxxxxxxx> - 1.20.10-1 - Update to 1.20.10 by doing the equivalent changes done in RedHat ubi8. -------------------------------------------------------------------------------- References: [ 1 ] Bug #2237775 - CVE-2023-39320 golang: cmd/go: go.mod toolchain directive allows arbitrary execution https://bugzilla.redhat.com/show_bug.cgi?id=2237775 [ 2 ] Bug #2237776 - CVE-2023-39318 golang: html/template: improper handling of HTML-like comments within script contexts https://bugzilla.redhat.com/show_bug.cgi?id=2237776 [ 3 ] Bug #2237777 - CVE-2023-39321 golang: crypto/tls: panic when processing post-handshake message on QUIC connections https://bugzilla.redhat.com/show_bug.cgi?id=2237777 [ 4 ] Bug #2237778 - CVE-2023-39322 golang: crypto/tls: lack of a limit on buffered post-handshake https://bugzilla.redhat.com/show_bug.cgi?id=2237778 [ 5 ] Bug #2242544 - CVE-2023-39323 golang: cmd/go: line directives allows arbitrary execution during build https://bugzilla.redhat.com/show_bug.cgi?id=2242544 -------------------------------------------------------------------------------- ================================================================================ php-smarty-gettext-1.7.0-2.el7 (FEDORA-EPEL-2023-976baae7b3) Gettext support for Smarty -------------------------------------------------------------------------------- Update Information: First EPEL 7 build. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 16 2023 Xavier Bachelot <xavier@xxxxxxxxxxxx> - 1.7.0-2 - Provide autoloader - Run test suite * Mon Jul 17 2023 Xavier Bachelot <xavier@xxxxxxxxxxxx> - 1.7.0-1 - Initial package -------------------------------------------------------------------------------- -- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
