The following Fedora EPEL 7 Security updates need testing: Age URL 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-07e8f5f1f0 libopenmpt-0.7.6-1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-d9102d9191 clojure-1.8.0-3.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-1f6e851537 trafficserver-9.2.4-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-866ac60917 nghttp2-1.33.0-1.3.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing chromium-123.0.6312.105-1.el7 teem-1.11.0-59.el7 wcd-6.0.5-3.el7 Details about builds: ================================================================================ chromium-123.0.6312.105-1.el7 (FEDORA-EPEL-2024-3cb841c5f0) A WebKit (Blink) powered web browser that Google doesn't want you to use -------------------------------------------------------------------------------- Update Information: update to 123.0.6312.105 High CVE-2024-3156: Inappropriate implementation in V8 High CVE-2024-3158: Use after free in Bookmarks High CVE-2024-3159: Out of bounds memory access in V8 -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 3 2024 Than Ngo <than@xxxxxxxxxx> - 123.0.6312.105-1 - update to 123.0.6312.105 * High CVE-2024-3156: Inappropriate implementation in V8 * High CVE-2024-3158: Use after free in Bookmarks * High CVE-2024-3159: Out of bounds memory access in V8 * Wed Mar 27 2024 Than Ngo <than@xxxxxxxxxx> - 123.0.6312.86-2 - update to 123.0.6312.86 * Critical CVE-2024-2883: Use after free in ANGLE * High CVE-2024-2885: Use after free in Daw * High CVE-2024-2886: Use after free in WebCodecs * High CVE-2024-2887: Type Confusion in WebAssembly * Sat Mar 23 2024 Than Ngo <than@xxxxxxxxxx> - 123.0.6312.58-2 - fixed bz#2269768 - enable build ppc64le package for F40 - fixed bz#2270321 - VAAPI flags in chromium.conf are out of date - fixed bz#2271183 - disable screen ai service -------------------------------------------------------------------------------- References: [ 1 ] Bug #2271849 - CVE-2024-2883 chromium: Use after free in ANGLE [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2271849 [ 2 ] Bug #2271855 - CVE-2024-2885 chromium: Use after free in Dawn [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2271855 [ 3 ] Bug #2271861 - CVE-2024-2886 chromium: Use after free in WebCodecs [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2271861 [ 4 ] Bug #2271867 - CVE-2024-2887 chromium: Type Confusion in WebAssembly [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2271867 [ 5 ] Bug #2272870 - CVE-2024-3156 CVE-2024-3158 chromium: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2272870 [ 6 ] Bug #2272877 - CVE-2024-3159 chromium: chromium-browser: Out of bounds memory access in V8 [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2272877 -------------------------------------------------------------------------------- ================================================================================ teem-1.11.0-59.el7 (FEDORA-EPEL-2024-f7af304d4c) Libraries for processing and visualizing scientific raster data -------------------------------------------------------------------------------- Update Information: Actually install the man pages; update License to SPDX -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 5 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 1.11.0-59 - Actually install the man pages * Fri Apr 5 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 1.11.0-57 - Run tests serially *without* overriding spec-file macros * Fri Apr 5 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 1.11.0-56 - Update License to SPDX * Fri Apr 5 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 1.11.0-55 - Improve summary for -libs subpackage -------------------------------------------------------------------------------- ================================================================================ wcd-6.0.5-3.el7 (FEDORA-EPEL-2024-7d01d6199f) Wherever Change Directory: chdir for DOS and Unix -------------------------------------------------------------------------------- Update Information: Fix a typo in the Summary of the -doc subpackage -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 5 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 6.0.5-3 - Fix a typo in the Summary of the -doc subpackage -------------------------------------------------------------------------------- -- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
