The following Fedora EPEL 9 Security updates need testing: Age URL 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-11c0b9b06a prometheus-podman-exporter-1.7.0-1.el9 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-8e93f1b716 indent-2.2.13-5.el9 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-5e8a045fdd atril-1.26.2-1.el9 The following builds have been pushed to Fedora EPEL 9 updates-testing chromium-121.0.6167.85-1.el9 ddrescue-1.28-1.el9 hatch-1.7.0-14.el9 lightdm-1.30.0-19.el9 linux-sysinfo-snapshot-3.7.6-1.el9 qm-0.6.2-1.el9 rust-sequoia-openpgp-1.18.0-1.el9 xrootd-5.6.6-1.el9 Details about builds: ================================================================================ chromium-121.0.6167.85-1.el9 (FEDORA-EPEL-2024-44533eb648) A WebKit (Blink) powered web browser that Google doesn't want you to use -------------------------------------------------------------------------------- Update Information: update to 121.0.6167.85 * High CVE-2024-0807: Use after free in WebAudio * High CVE-2024-0812: Inappropriate implementation in Accessibility * High CVE-2024-0808: Integer underflow in WebUI * Medium CVE-2024-0810: Insufficient policy enforcement in DevTools * Medium CVE-2024-0814: Incorrect security UI in Payments * Medium CVE-2024-0813: Use after free in Reading Mode * Medium CVE-2024-0806: Use after free in Passwords * Medium CVE-2024-0805: Inappropriate implementation in Downloads * Medium CVE-2024-0804: Insufficient policy enforcement in iOS Security UI * Low CVE-2024-0811: Inappropriate implementation in Extensions API * Low CVE-2024-0809: Inappropriate implementation in Autofill -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 24 2024 Than Ngo <than@xxxxxxxxxx> - 121.0.6167.85-1 - update to 121.0.6167.85 * High CVE-2024-0807: Use after free in WebAudio * High CVE-2024-0812: Inappropriate implementation in Accessibility * High CVE-2024-0808: Integer underflow in WebUI * Medium CVE-2024-0810: Insufficient policy enforcement in DevTools * Medium CVE-2024-0814: Incorrect security UI in Payments * Medium CVE-2024-0813: Use after free in Reading Mode * Medium CVE-2024-0806: Use after free in Passwords * Medium CVE-2024-0805: Inappropriate implementation in Downloads * Medium CVE-2024-0804: Insufficient policy enforcement in iOS Security UI * Low CVE-2024-0811: Inappropriate implementation in Extensions API * Low CVE-2024-0809: Inappropriate implementation in Autofill * Tue Jan 23 2024 Than Ngo <than@xxxxxxxxxx> - 121.0.6167.71-1 - update to 121.0.6167.71 * Tue Jan 23 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 120.0.6099.224-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2260066 - CVE-2024-0806 CVE-2024-0807 CVE-2024-0808 CVE-2024-0810 CVE-2024-0812 CVE-2024-0813 CVE-2024-0814 chromium: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2260066 -------------------------------------------------------------------------------- ================================================================================ ddrescue-1.28-1.el9 (FEDORA-EPEL-2024-deba493214) Data recovery tool trying hard to rescue data in case of read errors -------------------------------------------------------------------------------- Update Information: bugfix relelase -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 26 2024 Michal Ambroz <rebus AT_ seznam.cz> - 1.28-1 - Update to 1.28 * Wed Jan 24 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.27-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Fri Jan 19 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.27-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Wed Jul 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.27-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2259910 - ddrescue-1.28 is available https://bugzilla.redhat.com/show_bug.cgi?id=2259910 -------------------------------------------------------------------------------- ================================================================================ hatch-1.7.0-14.el9 (FEDORA-EPEL-2024-f141b9bc4c) A modern project, package, and virtual env manager -------------------------------------------------------------------------------- Update Information: Minor packaging improvements -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 26 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 1.7.0-14 - Minor packaging improvements -------------------------------------------------------------------------------- ================================================================================ lightdm-1.30.0-19.el9 (FEDORA-EPEL-2024-1134025600) A cross-desktop Display Manager -------------------------------------------------------------------------------- Update Information: - Fix start order with systemd-hostnamed.service in lightdm.service -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 26 2024 Christoph Junghans <junghans@xxxxxxxxx> - 1.30.0-19 - Fix start order with systemd-hostnamed.service in lightdm.service (bug #2167386) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2167386 - Login only works on 2nd attempt https://bugzilla.redhat.com/show_bug.cgi?id=2167386 -------------------------------------------------------------------------------- ================================================================================ linux-sysinfo-snapshot-3.7.6-1.el9 (FEDORA-EPEL-2024-62d01a7dc1) System information snapshot tool for Mellanox adapters -------------------------------------------------------------------------------- Update Information: Initial import; Fixes: RHBZ#2260380 -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 26 2024 Davide Cavalca <dcavalca@xxxxxxxxxxxxxxxxx> - 3.7.6-1 - Initial import; Fixes: RHBZ#2260380 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2260380 - Review Request: linux-sysinfo-snapshot - System information snapshot tool for Mellanox adapters https://bugzilla.redhat.com/show_bug.cgi?id=2260380 -------------------------------------------------------------------------------- ================================================================================ qm-0.6.2-1.el9 (FEDORA-EPEL-2024-b8c4773a59) Containerized environment for running Quality Management software -------------------------------------------------------------------------------- Update Information: update to version 0.6.2 -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 26 2024 Douglas Schilling Landgraf <dougsland@xxxxxxxxxx> - 0.6.2-1 - Update to version v0.6.2 * Thu Jan 18 2024 Douglas Schilling Landgraf <dougsland@xxxxxxxxxx> - 0.6.1-1 - Update to version 0.6.1 -------------------------------------------------------------------------------- ================================================================================ rust-sequoia-openpgp-1.18.0-1.el9 (FEDORA-EPEL-2024-fb80380ba2) OpenPGP data types and associated machinery -------------------------------------------------------------------------------- Update Information: Update to version 1.18.0. -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 26 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 1.18.0-1 - Update to version 1.18.0; Fixes RHBZ#2260491 -------------------------------------------------------------------------------- ================================================================================ xrootd-5.6.6-1.el9 (FEDORA-EPEL-2024-d7a6dcb922) Extended ROOT file server -------------------------------------------------------------------------------- Update Information: XRootD 5.6.6 -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 26 2024 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 1:5.6.6-1 - Update to version 5.6.6 * Mon Jan 22 2024 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 1:5.6.5-1 - Update to version 5.6.5 - Drop patches accepted upstream * Wed Jan 17 2024 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 1:5.6.4-2 - Fix printf null pointer error -------------------------------------------------------------------------------- -- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue