The following Fedora EPEL 7 Security updates need testing: Age URL 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-60e0cc89b7 perl-Spreadsheet-ParseExcel-0.6600-1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-8eb8988cb8 exim-4.97.1-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing chromium-120.0.6099.199-1.el7 Details about builds: ================================================================================ chromium-120.0.6099.199-1.el7 (FEDORA-EPEL-2024-148b296f8a) A WebKit (Blink) powered web browser that Google doesn't want you to use -------------------------------------------------------------------------------- Update Information: update to 120.0.6099.199 - CVE-2023-6879 aom: heap-buffer-overflow on frame size change - CVE-2023-7104 sqlite: heap-buffer-overflow at sessionfuzz - CVE-2024-0222: Use after free in ANGLE - CVE-2024-0223: Heap buffer overflow in ANGLE - CVE-2024-0224: Use after free in WebAudio - CVE-2024-0225: Use after free in WebGPU -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 4 2024 Than Ngo <than@xxxxxxxxxx> - 120.0.6099.199-1 - new gn update, drop workaround for broken gn on epel 8/9 - update to 120.0.6099.199 * CVE-2024-0222: Use after free in ANGLE * CVE-2024-0223: Heap buffer overflow in ANGLE * CVE-2024-0224: Use after free in WebAudio * CVE-2024-0225: Use after free in WebGPU -------------------------------------------------------------------------------- References: [ 1 ] Bug #2256056 - CVE-2023-6879 chromium: aom: heap-buffer-overflow on frame size change [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2256056 [ 2 ] Bug #2256196 - CVE-2023-7104 chromium: sqlite: heap-buffer-overflow at sessionfuzz [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2256196 [ 3 ] Bug #2256794 - CVE-2024-0222 chromium: Use after free in ANGLE, compromised the renderer process to potentially exploit heap corruption via a crafted HTML page [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2256794 [ 4 ] Bug #2256801 - CVE-2024-0223 chromium: heap corruption via a crafted HTML page in angle [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2256801 [ 5 ] Bug #2256807 - CVE-2024-0224 chromium: heap corruption via a crafted HTML page in webaudio [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2256807 [ 6 ] Bug #2256813 - CVE-2024-0225 chromium: heap corruption via a crafted HTML page in webgpu [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2256813 -------------------------------------------------------------------------------- -- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
