The following Fedora EPEL 9 Security updates need testing: Age URL 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-0398ebbbfa w3m-0.5.3-63.git20230121.el9 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-879bfd3d5b chromium-122.0.6261.128-1.el9 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-626c1844b4 csmock-3.5.3-1.el9 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-684f77a897 podman-tui-1.0.0-1.el9 The following builds have been pushed to Fedora EPEL 9 updates-testing koji-1.34.0-3.el9 pandoc-2.14.0.3-17.el9 patat-0.8.7.0-4.el9 prometheus-podman-exporter-1.11.0-1.el9 suricata-6.0.17-1.el9 Details about builds: ================================================================================ koji-1.34.0-3.el9 (FEDORA-EPEL-2024-19d54f50cc) Build system tools -------------------------------------------------------------------------------- Update Information: Add back in missing schema files. rhbz#2270743 Update to 1.34.0 + some small patches -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 22 2024 Kevin Fenzi <kevin@xxxxxxxxx> - 1.34.0-3 - Add back in missing schema files. rhbz#2270743 * Mon Mar 18 2024 Kevin Fenzi <kevin@xxxxxxxxx> - 1.34.0-2 - Carry scm policy plugin for hub, it's already upstream - Use dnf5 compatible 'group install' command - Allow specifying with a tag value what arches noarch builds happen on. - Fix image-build to not pass units to oz (to avoid GB/GiB issues) - Fix a typo in scheduler (already upstreamed) - Add back index for rpminfo table that was mistakenly dropped. * Thu Jan 25 2024 Kevin Fenzi <kevin@xxxxxxxxx> - 1.34.0-1 - Update to 1.34.0. Fixes rhbz#2260055 * Thu Jan 25 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.33.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.33.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Thu Jul 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.33.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Fri Jul 14 2023 Kevin Fenzi <kevin@xxxxxxxxx> - 1.33.1-1 - Update to 1.31.1. Fixes rhbz#2222032 * Tue Jun 13 2023 Python Maint <python-maint@xxxxxxxxxx> - 1.33.0-2 - Rebuilt for Python 3.12 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2270743 - Missing koji db schema files https://bugzilla.redhat.com/show_bug.cgi?id=2270743 -------------------------------------------------------------------------------- ================================================================================ pandoc-2.14.0.3-17.el9 (FEDORA-EPEL-2024-3e437ee2d0) Conversion between markup formats -------------------------------------------------------------------------------- Update Information: backport pandoc fixes for CVE-2023-35936 and CVE-2023-38745 -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 22 2024 Jens Petersen <petersen@xxxxxxxxxx> - 2.14.0.3-17 - backport fixes for CVE-2023-35936 and CVE-2023-38745 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2220872 - TRIAGE pandoc: TRIAGE_CVE-2023-35936 pandoc: allows attacker to create or overwrite arbitrary files on the system [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2220872 [ 2 ] Bug #2227033 - CVE-2023-38745 pandoc: allows attacker to create or overwrite arbitrary files on the system [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2227033 -------------------------------------------------------------------------------- ================================================================================ patat-0.8.7.0-4.el9 (FEDORA-EPEL-2024-3e437ee2d0) Terminal-based presentations using Pandoc -------------------------------------------------------------------------------- Update Information: backport pandoc fixes for CVE-2023-35936 and CVE-2023-38745 -------------------------------------------------------------------------------- ChangeLog: * Fri Jun 17 2022 Jens Petersen <petersen@xxxxxxxxxx> - 0.8.7.0-4 - rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2220872 - TRIAGE pandoc: TRIAGE_CVE-2023-35936 pandoc: allows attacker to create or overwrite arbitrary files on the system [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2220872 [ 2 ] Bug #2227033 - CVE-2023-38745 pandoc: allows attacker to create or overwrite arbitrary files on the system [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2227033 -------------------------------------------------------------------------------- ================================================================================ prometheus-podman-exporter-1.11.0-1.el9 (FEDORA-EPEL-2024-5d9511ad6e) Prometheus exporter for podman environment -------------------------------------------------------------------------------- Update Information: release v1.11.0 release v1.10.1 release v1.10.0 -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 22 2024 Navid Yaghoobi <navidys@xxxxxxxxxxxxxxxxx> - 1.11.0-1 - release v1.11.0 * Sun Mar 17 2024 Navid Yaghoobi <navidys@xxxxxxxxxxxxxxxxx> - 1.10.1-1 - release v1.10.1 * Sat Mar 16 2024 Navid Yaghoobi <navidys@xxxxxxxxxxxxxxxxx> - 1.10.0-1 - release v1.10.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2268896 - CVE-2024-28180 prometheus-podman-exporter: jose-go: improper handling of highly compressed data [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2268896 -------------------------------------------------------------------------------- ================================================================================ suricata-6.0.17-1.el9 (FEDORA-EPEL-2024-1e7f709e59) Intrusion Detection System -------------------------------------------------------------------------------- Update Information: These are bug fix and security releases including MODERATE, HIGH, and CRITICAL issues. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 20 2024 Steve Grubb <sgrubb@xxxxxxxxxx> 6.0.17-1 - New security and bugfix release -------------------------------------------------------------------------------- References: [ 1 ] Bug #2128376 - Please port your pcre dependency to pcre2. Pcre has been deprecated https://bugzilla.redhat.com/show_bug.cgi?id=2128376 -------------------------------------------------------------------------------- -- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
