The following Fedora EPEL 8 Security updates need testing: Age URL 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-d241ea2238 libuev-2.4.1-1.el8 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-d7cc38dee9 apptainer-1.3.0-1.el8 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-d521530f6a amavis-2.13.1-1.el8 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-ac18018db8 tcpreplay-4.4.4-5.el8 The following builds have been pushed to Fedora EPEL 8 updates-testing copr-rpmbuild-0.72-1.el8 libgit2_1.7-1.7.2-1.el8 lynis-3.1.1-1.el8 openelp-0.9.3-1.el8 python-copr-common-0.23-1.el8 python-specfile-0.28.0-1.el8 python3.11-pygit2-1.14.0-1.el8 radicale-3.1.9-1.el8 resalloc-5.4-1.el8 w3m-0.5.3-63.git20230121.el8 Details about builds: ================================================================================ copr-rpmbuild-0.72-1.el8 (FEDORA-EPEL-2024-50faa01ddb) Run COPR build tasks -------------------------------------------------------------------------------- Update Information: don't clean after builds with user ssh access -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 16 2024 Pavel Raiskup <praiskup@xxxxxxxxxx> 0.72-1 - don't clean after builds with user ssh access * Fri Mar 1 2024 Pavel Raiskup <praiskup@xxxxxxxxxx> 0.71-1 - don't set bootstrap_image_ready for rawhide - no Jinja-vars in config_opts keys (mock-core-configs 40.2 compat) - allow user SSH to builders - fix copr-rpmbuild --dump-configs - install copr-distgit-client with copr-rpmbuild -------------------------------------------------------------------------------- ================================================================================ libgit2_1.7-1.7.2-1.el8 (FEDORA-EPEL-2024-6395ae2eec) C implementation of the Git core methods as a library with a solid API -------------------------------------------------------------------------------- Update Information: This update introduces a compatibility package for libgit2 version 1.7.x. -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 18 2024 Nils Philippsen <nils@xxxxxxxxxx> - 1.7.2-1 - Import package -------------------------------------------------------------------------------- ================================================================================ lynis-3.1.1-1.el8 (FEDORA-EPEL-2024-7a4a8669a9) Security and system auditing tool -------------------------------------------------------------------------------- Update Information: 3.1.1, fix bash-completion issue. 3.1.0 -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 18 2024 Gwyn Ciesla <gwync@xxxxxxxxxxxxxx> - 3.1.1-1 - 3.1.1 * Tue Mar 12 2024 Gwyn Ciesla <gwync@xxxxxxxxxxxxxx> - 3.1.0-1 - 3.1.0 * Thu Jan 25 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.0.9-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.0.9-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Tue Dec 19 2023 Gwyn Ciesla <gwync@xxxxxxxxxxxxxx> - 3.0.9-5 - Additional egrep patch * Wed Dec 6 2023 Gwyn Ciesla <gwync@xxxxxxxxxxxxxx> - 3.0.9-4 - pgrep patch * Tue Sep 19 2023 Gwyn Ciesla <gwync@xxxxxxxxxxxxxx> - 3.0.9-3 - Additional egrep patch * Mon Aug 7 2023 Gwyn Ciesla <gwync@xxxxxxxxxxxxxx> - 3.0.9-2 - Upstream patch to remove egrep usage -------------------------------------------------------------------------------- References: [ 1 ] Bug #2268997 - lynis-3.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2268997 [ 2 ] Bug #2270013 - File conflict with filesystem https://bugzilla.redhat.com/show_bug.cgi?id=2270013 [ 3 ] Bug #2270108 - lynis-3.1.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2270108 -------------------------------------------------------------------------------- ================================================================================ openelp-0.9.3-1.el8 (FEDORA-EPEL-2024-6d66e8a036) Open Source EchoLink Proxy -------------------------------------------------------------------------------- Update Information: Update to OpenELP 0.9.3 -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 17 2024 Scott K Logan <logans@xxxxxxxxxxx> - 0.9.3-1 - Update to 0.9.3 -------------------------------------------------------------------------------- ================================================================================ python-copr-common-0.23-1.el8 (FEDORA-EPEL-2024-09ce04b70a) Python code used by Copr -------------------------------------------------------------------------------- Update Information: New resalloc upstream release https://github.com/praiskup/resalloc/releases/tag/v5.4 -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 15 2024 Pavel Raiskup <praiskup@xxxxxxxxxx> 0.23-1 - make get_redis_connection to accept dict-like 'opts' argument -------------------------------------------------------------------------------- ================================================================================ python-specfile-0.28.0-1.el8 (FEDORA-EPEL-2024-00db7e3914) A library for parsing and manipulating RPM spec files -------------------------------------------------------------------------------- Update Information: Update for python-specfile-0.28.0. Changelog * Sun Mar 17 2024 Packit <hello@xxxxxxxxxx> - 0.28.0-1 - A trailing newline is no longer added to spec files without one upon saving. (#353) -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 17 2024 Packit <hello@xxxxxxxxxx> - 0.28.0-1 - A trailing newline is no longer added to spec files without one upon saving. (#353) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2173057 - python-specfile-0.28.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2173057 -------------------------------------------------------------------------------- ================================================================================ python3.11-pygit2-1.14.0-1.el8 (FEDORA-EPEL-2024-d105b8582b) Python bindings for libgit2 -------------------------------------------------------------------------------- Update Information: This update introduces the current version of pygit2 for Python 3.11. -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 18 2024 Nils Philippsen <nils@xxxxxxxxxx> - 1.14.0-1 - Import package -------------------------------------------------------------------------------- ================================================================================ radicale-3.1.9-1.el8 (FEDORA-EPEL-2024-6279d9ad52) A simple CalDAV (calendar) and CardDAV (contact) server -------------------------------------------------------------------------------- Update Information: Update to 3.1.9 -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 18 2024 Peter Bieringer <pb@xxxxxxxxxxxx> - 3.1.9-1 - Update to 3.1.9 - Remove obsolete patches - Add support for intermediate build using gitcommit -------------------------------------------------------------------------------- ================================================================================ resalloc-5.4-1.el8 (FEDORA-EPEL-2024-09ce04b70a) Resource allocator for expensive resources - client tooling -------------------------------------------------------------------------------- Update Information: New resalloc upstream release https://github.com/praiskup/resalloc/releases/tag/v5.4 -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 15 2024 Pavel Raiskup <praiskup@xxxxxxxxxx> - 5.4-1 - New upstream release https://github.com/praiskup/resalloc/releases/tag/v5.4 -------------------------------------------------------------------------------- ================================================================================ w3m-0.5.3-63.git20230121.el8 (FEDORA-EPEL-2024-bf31852fe0) Pager with Web browsing abilities -------------------------------------------------------------------------------- Update Information: Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207) -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 18 2024 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> - 0.5.3-63.git20230121 - Added upstream patch to fix out-of-bounds access due to multiple backspaces to address incomplete fix for CVE-2022-38223 (#2222775, #2222780, #2255207) * Sat Jan 27 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.3-62.git20230121 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sat Jul 22 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.3-61.git20230121 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2222775 - CVE-2023-38252 w3m: Out of bounds read in Strnew_size() at w3m/Str.c https://bugzilla.redhat.com/show_bug.cgi?id=2222775 [ 2 ] Bug #2222779 - CVE-2023-38253 w3m: Out of bounds read in growbuf_to_Str() at w3m/indep.c https://bugzilla.redhat.com/show_bug.cgi?id=2222779 [ 3 ] Bug #2255207 - CVE-2023-4255 w3m: out-of-bounds write in function checkType() in etc.c (incomplete fix for CVE-2022-38223) https://bugzilla.redhat.com/show_bug.cgi?id=2255207 -------------------------------------------------------------------------------- -- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
