The following Fedora EPEL 9 Security updates need testing:

 Age  URL
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-6a67ef6626   unrealircd-6.1.4-1.el9
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-b19336b76b   tor-0.4.8.10-1.el9
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-7ff32fc746   podman-tui-0.15.0-2.el9

The following builds have been pushed to Fedora EPEL 9 updates-testing

    chromium-120.0.6099.129-1.el9
    cxxopts-3.1.1-2.el9
    flatseal-1.7.5-2.el9
    gn-2077-3.20231220git5e19d2fb166f.el9
    neomutt-20231221-1.el9
    proftpd-1.3.8b-1.el9
    rust-anyhow-1.0.76-1.el9
    rust-async-trait-0.1.75-1.el9
    rust-elliptic-curve-0.13.8-1.el9
    rust-inventory-0.3.14-1.el9
    rust-pkg-config-0.3.28-1.el9
    rust-trybuild-1.0.86-1.el9
    rust-zerocopy-0.7.32-1.el9
    rust-zerocopy-derive-0.7.32-1.el9
    rust-zerocopy-derive0.6-0.6.6-1.el9
    rust-zerocopy0.6-0.6.6-1.el9
    wlcs-1.7.0-1.el9

Details about builds:

================================================================================
 chromium-120.0.6099.129-1.el9 (FEDORA-EPEL-2023-b300e89045)
 A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:

update to 120.0.6099.129
- High CVE-2023-7024: Heap buffer overflow in WebRTC

----

update to 120.0.6099.109
- High CVE-2023-6702: Type Confusion in V8
- High CVE-2023-6703: Use after free in Blink
- High CVE-2023-6704: Use after free in libavif
- High CVE-2023-6705: Use after free in WebRTC
- High CVE-2023-6706: Use after free in FedCM
- Medium CVE-2023-6707: Use after free in CSS

----

Update to 120.0.6099.71

----

Update to 120.0.6099.62, upstream release fixes follow security issues:
* High CVE-2023-6508: Use after free in Media Stream
* High CVE-2023-6509: Use after free in Side Panel Search
* Medium CVE-2023-6510: Use after free in Media Capture
* Low CVE-2023-6511: Inappropriate implementation in Autofill
* Low CVE-2023-6512: Inappropriate implementation in Web Browser UI

----

update to 119.0.6045.199, upstream security release
* High CVE-2023-6348: Type Confusion in Spellcheck
* High CVE-2023-6347: Use after free in Mojo
* High CVE-2023-6346: Use after free in WebAudio
* High CVE-2023-6350: Out of bounds memory access in libavif
* High CVE-2023-6351: Use after free in libavif
* High CVE-2023-6345: Integer overflow in Skia
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 21 2023 Than Ngo <than@xxxxxxxxxx> - 120.0.6099.129-1
- update to 120.0.6099.129
  * High CVE-2023-7024: Heap buffer overflow in WebRTC
* Wed Dec 13 2023 Than Ngo <than@xxxxxxxxxx> - 120.0.6099.109-1
- update to 120.0.6099.109
  * High CVE-2023-6702: Type Confusion in V8
  * High CVE-2023-6703: Use after free in Blink
  * High CVE-2023-6704: Use after free in libavif
  * High CVE-2023-6705: Use after free in WebRTC
  * High CVE-2023-6706: Use after free in FedCM
  * Medium CVE-2023-6707: Use after free in CSS
* Fri Dec 8 2023 Than Ngo <than@xxxxxxxxxx> - 120.0.6099.71-1
- update to 120.0.6099.71
* Wed Dec 6 2023 Than Ngo <than@xxxxxxxxxx> - 120.0.6099.62-2
- drop unsupported ldflag which caused build failure
* Tue Dec 5 2023 Than Ngo <than@xxxxxxxxxx> - 120.0.6099.62-1
- update to 120.0.6099.62
- fixed bz#2252874, built with control flow integrity (CFI) support
* Sat Dec 2 2023 Than Ngo <than@xxxxxxxxxx> - 120.0.6099.56-1
- update to 120.0.6099.56
- enable qt6 UI backend
* Sat Dec 2 2023 Than Ngo <than@xxxxxxxxxx> - 119.0.6045.199-2
- fixed bz#2242271, built with bundleminizip in fedora > 39
- fixed bz#2251884, built with fstack-protector-strong for improved security
* Wed Nov 29 2023 Than Ngo <than@xxxxxxxxxx> - 119.0.6045.199-1
- update to 119.0.6045.199
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2252009 - CVE-2023-6346 CVE-2023-6347 CVE-2023-6350 CVE-2023-6351 chromium: various flaws [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2252009
  [ 2 ] Bug #2252188 - CVE-2023-6345 chromium: chromium-browser: Integer overflow [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2252188
  [ 3 ] Bug #2252191 - CVE-2023-6348 chromium: chromium-browser: Type Confusion in Spellcheck [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2252191
  [ 4 ] Bug #2253151 - CVE-2023-6508 chromium: Use after free in Media Stream [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2253151
  [ 5 ] Bug #2253154 - CVE-2023-6509 chromium: Use after free in Side Panel Search [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2253154
  [ 6 ] Bug #2253157 - CVE-2023-6510 chromium: Use after free in Media Capture [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2253157
  [ 7 ] Bug #2253161 - CVE-2023-6511 chromium: Inappropriate implementation in Autofill [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2253161
  [ 8 ] Bug #2253164 - CVE-2023-6512 chromium: Inappropriate implementation in Web Browser UI [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2253164
  [ 9 ] Bug #2254676 - CVE-2023-6702 CVE-2023-6703 CVE-2023-6704 CVE-2023-6705 CVE-2023-6706 CVE-2023-6707 chromium: various flaws [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2254676
  [ 10 ] Bug #2254958 - CVE-2022-4955 chromium: chromium-browser: inappropriate implementation in DevTools [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2254958
  [ 11 ] Bug #2255490 - CVE-2023-7024 chromium: chromium-browser: Heap buffer overflow in WebRTC [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2255490
--------------------------------------------------------------------------------

================================================================================
 cxxopts-3.1.1-2.el9 (FEDORA-EPEL-2023-073e13eac4)
 Lightweight C++ command line option parser
--------------------------------------------------------------------------------
Update Information:

Build for EPEL
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.1.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Feb 15 2023 Vitaly Zaitsev <vitaly@xxxxxxxxxxxxxx> - 3.1.1-1
- Updated to version 3.1.1.
* Wed Feb 15 2023 Vitaly Zaitsev <vitaly@xxxxxxxxxxxxxx> - 3.1.0-1
- Updated to version 3.1.0.
* Thu Jan 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.0.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Jul 20 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.0.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.0.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Mon Jan 17 2022 Vitaly Zaitsev <vitaly@xxxxxxxxxxxxxx> - 3.0.0-2
- Explicitly disabled -Werror flag.
* Sat Oct 23 2021 Vitaly Zaitsev <vitaly@xxxxxxxxxxxxxx> - 3.0.0-1
- Updated to version 3.0.0.
* Wed Jul 28 2021 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 2.2.1-4
- Provide un-arched versions of virtual Provides
* Wed Jul 21 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.2.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2252342 - Please branch and build cxxopts for EPEL8 and EPEL9
        https://bugzilla.redhat.com/show_bug.cgi?id=2252342
--------------------------------------------------------------------------------

================================================================================
 flatseal-1.7.5-2.el9 (FEDORA-EPEL-2023-ed5c3920e4)
 Manage Flatpak permissions
--------------------------------------------------------------------------------
Update Information:

Add explicit gjs dependency
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 21 2023 Yaakov Selkowitz <yselkowi@xxxxxxxxxx> - 1.7.5-2
- Add explicit gjs dependency
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2255405 - After Installation fails to run
        https://bugzilla.redhat.com/show_bug.cgi?id=2255405
--------------------------------------------------------------------------------

================================================================================
 gn-2077-3.20231220git5e19d2fb166f.el9 (FEDORA-EPEL-2023-722e494573)
 Meta-build system that generates build files for Ninja
--------------------------------------------------------------------------------
Update Information:

Update to 2077, which is new enough to build Chromium. Convert License to SPDX.
Enable HTML documentation. Other minor packaging improvements.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 20 2023 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 2077-3.20231220git5e19d2fb166f
- Enable HTML documentation
* Wed Dec 20 2023 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 2077-2.20231220git5e19d2fb166f
- Allow warnings in the build
* Wed Dec 20 2023 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 2077-1.20231220git5e19d2fb166f
- Update to version 2077
* Wed Dec 20 2023 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 1953-11.20211205gite0afadf7
- Indicate dirs. in files list with trailing slashes
* Wed Dec 20 2023 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 1953-10.20211205gite0afadf7
- Convert License to SPDX
* Wed Dec 20 2023 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 1953-9.20211205gite0afadf7
- Add patch upstream status for gn-0153d369-no-O3.patch
--------------------------------------------------------------------------------

================================================================================
 neomutt-20231221-1.el9 (FEDORA-EPEL-2023-11b0b3741e)
 Text mode Mail Client
--------------------------------------------------------------------------------
Update Information:

NeoMutt Release 2023-12-21

A smallish release, this month. Plenty of bug-fixes, but the majority of the
changes happened behind the scenes.

Release Notes: https://github.com/neomutt/neomutt/releases/tag/20231221
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 21 2023 Richard Russon <rich@xxxxxxxxxxx> - 20231221-1
- Features
  - #4126 - add alias 'tags:'
- Bug Fixes
  - #4115 - create HelpBar after colours
  - #4116 - Fix Batch Sending of Emails
  - #4119 - Fix Header Cache Key Handling
  - #4121 - mutt_oauth2.py: error out if ENCRYPTION_PIPE was not supplied
  - #4124 - config: fix flag overlaps
  - #4125 - compose: restore view-text/pager/mailcap
  - color: fix attr_color_copy()
  - fix :color dump
  - fix leak in completion
  - force mail check on current mailbox after `<imap-fetch-mail>`
  - Allow sending an empty mail
  - mutt_oauth2.py: Use readline to overcome macOS input() restrictions
- Changed Config
  - add $history_format: '%s'
- Translations
  - 100% Czech
  - 100% German
  - 100% Lithuanian
  - 100% Serbian
  - 100% Slovak
  - 100% Turkish
  - 99% Spanish
  - 99% Hungarian
- Coverity defects
  - #4111 Educate Coverity about ARRAYs
  - fix defects
- Build
  - #4098 - build: use fallthrough attribute
  - #4100 - build: split maildir and mh types
  - #4101 - version: drop default features
  - #4108 - strip non-conditionals
  - #4122 - add github action to check for unused functions (xunused)
  - update fedora action
  - coverage: fix build for lcov v2
  - tests: fix error cases
- Code
  - #4097 - config: add DT_ON_STARTUP
  - #4104 - Change mutt_default_save() and addr_hook() to take a buffer
  - #4105 - Use buffer pool in tests
  - #4106 - Switch some buffers to use the buffer pool
  - #4109 - Improve the Progress Bar
  - #4117 - remove MxOps::path_parent() and mutt_path_parent()
  - #4120 - remove unused functions
  - #4131 - move editor test code
  - #4133 - move log_disp_null() into test folder
  - #4137 - move config string name functions into tests
  - add: hook_new()/hook_free()
  - fix more printf-style params
  - rename compare to equal
  - hcache: renaming for clarity
--------------------------------------------------------------------------------

================================================================================
 proftpd-1.3.8b-1.el9 (FEDORA-EPEL-2023-b698d8c031)
 Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-48795 (Terrapin SSH protocol attack), affecting
mod_sftp.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 20 2023 Paul Howarth <paul@xxxxxxxxxxxx> - 1.3.8b-1
- Update to 1.3.8b
- Compiling ProFTPD 1.3.8a mod_sftp, mod_tls using libressl 3.7.3 failed (GH#1735)
- Build system failed for specific module names (GH#1756)
- "Terrapin" Prefix Truncation Attacks in SSH Specification affected mod_sftp (CVE-2023-48795, GH#1760)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2254210 - CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
        https://bugzilla.redhat.com/show_bug.cgi?id=2254210
--------------------------------------------------------------------------------

================================================================================
 rust-anyhow-1.0.76-1.el9 (FEDORA-EPEL-2023-cab831430f)
 Flexible concrete Error type built on std::error::Error
--------------------------------------------------------------------------------
Update Information:

Update to version 1.0.76.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 21 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 1.0.76-1
- Update to version 1.0.76; Fixes RHBZ#2255475
--------------------------------------------------------------------------------

================================================================================
 rust-async-trait-0.1.75-1.el9 (FEDORA-EPEL-2023-ab763e10b9)
 Type erasure for async trait methods
--------------------------------------------------------------------------------
Update Information:

Update to version 0.1.75.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 21 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.1.75-1
- Update to version 0.1.75; Fixes RHBZ#2255471
--------------------------------------------------------------------------------

================================================================================
 rust-elliptic-curve-0.13.8-1.el9 (FEDORA-EPEL-2023-49ffd6a56b)
 General purpose Elliptic Curve Cryptography
--------------------------------------------------------------------------------
Update Information:

Update to version 0.13.8.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 21 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.13.8-1
- Update to version 0.13.8; Fixes RHBZ#2250551
--------------------------------------------------------------------------------

================================================================================
 rust-inventory-0.3.14-1.el9 (FEDORA-EPEL-2023-a7c9e35768)
 Typed distributed plugin registration
--------------------------------------------------------------------------------
Update Information:

Update to version 0.3.14.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 21 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.3.14-1
- Update to version 0.3.14; Fixes RHBZ#2255550
--------------------------------------------------------------------------------

================================================================================
 rust-pkg-config-0.3.28-1.el9 (FEDORA-EPEL-2023-acfe3279ba)
 Library to run the pkg-config system tool
--------------------------------------------------------------------------------
Update Information:

Update to version 0.3.28.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 21 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.3.28-1
- Update to version 0.3.28; Fixes RHBZ#2255417
--------------------------------------------------------------------------------

================================================================================
 rust-trybuild-1.0.86-1.el9 (FEDORA-EPEL-2023-1d8a72f5cd)
 Test harness for ui tests of compiler diagnostics
--------------------------------------------------------------------------------
Update Information:

Update to version 1.0.86.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 21 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 1.0.86-1
- Update to version 1.0.86; Fixes RHBZ#2255313
--------------------------------------------------------------------------------

================================================================================
 rust-zerocopy-0.7.32-1.el9 (FEDORA-EPEL-2023-d09b5aa5c8)
 Utilities for zero-copy parsing and serialization
--------------------------------------------------------------------------------
Update Information:

- Update the zerocopy and zerocopy-derive crates to version 0.7.32.
- Update the compat packages for the two crates to version 0.6.6.

Addresses RUSTSEC-2023-0074.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 21 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.7.32-1
- Update to version 0.7.32; Fixes RHBZ#2253063
--------------------------------------------------------------------------------

================================================================================
 rust-zerocopy-derive-0.7.32-1.el9 (FEDORA-EPEL-2023-d09b5aa5c8)
 Custom derive for traits from the zerocopy crate
--------------------------------------------------------------------------------
Update Information:

- Update the zerocopy and zerocopy-derive crates to version 0.7.32.
- Update the compat packages for the two crates to version 0.6.6.

Addresses RUSTSEC-2023-0074.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 21 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.7.32-1
- Update to version 0.7.32; Fixes RHBZ#2253064
--------------------------------------------------------------------------------

================================================================================
 rust-zerocopy-derive0.6-0.6.6-1.el9 (FEDORA-EPEL-2023-d09b5aa5c8)
 Custom derive for traits from the zerocopy crate
--------------------------------------------------------------------------------
Update Information:

- Update the zerocopy and zerocopy-derive crates to version 0.7.32.
- Update the compat packages for the two crates to version 0.6.6.

Addresses RUSTSEC-2023-0074.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 21 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.6.6-1
- Update to version 0.6.6
--------------------------------------------------------------------------------

================================================================================
 rust-zerocopy0.6-0.6.6-1.el9 (FEDORA-EPEL-2023-d09b5aa5c8)
 Utilities for zero-copy parsing and serialization
--------------------------------------------------------------------------------
Update Information:

- Update the zerocopy and zerocopy-derive crates to version 0.7.32.
- Update the compat packages for the two crates to version 0.6.6.

Addresses RUSTSEC-2023-0074.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 21 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.6.6-1
- Update to version 0.6.6
--------------------------------------------------------------------------------

================================================================================
 wlcs-1.7.0-1.el9 (FEDORA-EPEL-2023-2c1ede7923)
 Wayland Conformance Test Suite
--------------------------------------------------------------------------------
Update Information:

## wlcs 1.7.0

- New tests for `input-method-v1`
- Handle incomplete logical pointer/touch events better
- `XdgToplevelStable`: Fix race in .configure handling
- helpers: avoid triggering a kernel warning
- `InProcessServer`: Fix `xdg_shell` window construction
- `XdgSurfaceStable`: Fix configure event logic
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 21 2023 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 1.7.0-1
- Update to 1.7.0 (close RHBZ#2254812)
* Thu Dec 21 2023 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 1.6.1-1
- Update to 1.6.1 (close RHBZ#2243684)
* Wed Jul 19 2023 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 1.6.0-1
- Update to 1.6.0 (close RHBZ#2223843)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2254812 - wlcs-1.7.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2254812
--------------------------------------------------------------------------------