The following Fedora EPEL 9 Security updates need testing: Age URL 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-bab8814ee2 python-aiohttp-3.9.5-1.el9 The following builds have been pushed to Fedora EPEL 9 updates-testing bitcoin-core-26.1-1.el9 chromium-124.0.6367.78-1.el9 csdiff-3.2.2-1.el9 neomutt-20240425-1.el9 rust-async-io-2.3.2-1.el9 rust-async-process-2.2.2-1.el9 rust-basic-toml-0.1.9-1.el9 rust-blake3-1.5.1-1.el9 rust-bytes-1.6.0-1.el9 rust-curl-0.4.46-1.el9 rust-curl-sys-0.4.72-1.el9 rust-deflate64-0.1.8-1.el9 rust-erased-serde-0.4.4-1.el9 rust-fastrand-2.0.2-1.el9 rust-futures-timer-3.0.3-1.el9 rust-itoa-1.0.11-1.el9 rust-libloading-0.8.3-1.el9 rust-os_info-3.8.2-1.el9 rust-polling-3.7.0-1.el9 rust-regex-1.10.4-1.el9 rust-rust_decimal-1.35.0-1.el9 rust-rustix-0.38.34-1.el9 rust-ryu-1.0.17-1.el9 rust-slog-term-2.9.1-1.el9 rust-socket2-0.5.6-1.el9 rust-thread_local-1.1.8-1.el9 rust-tokio-test-0.4.4-1.el9 Details about builds: ================================================================================ bitcoin-core-26.1-1.el9 (FEDORA-EPEL-2024-ca9f5cfc6d) Peer to Peer Cryptographic Currency -------------------------------------------------------------------------------- Update Information: Update to bugfix release 26.1. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 24 2024 Simone Caronni <negativo17@xxxxxxxxx> - 26.1-1 - Update to 26.1. * Tue Jan 23 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 26.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Fri Jan 19 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 26.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ chromium-124.0.6367.78-1.el9 (FEDORA-EPEL-2024-0c24da3136) A WebKit (Blink) powered web browser that Google doesn't want you to use -------------------------------------------------------------------------------- Update Information: update to 124.0.6367.78 * Critical CVE-2024-4058: Type Confusion in ANGLE * High CVE-2024-4059: Out of bounds read in V8 API * High CVE-2024-4060: Use after free in Dawn update to 124.0.6367.60 High CVE-2024-3832: Object corruption in V8 High CVE-2024-3833: Object corruption in WebAssembly High CVE-2024-3914: Use after free in V8 High CVE-2024-3834: Use after free in Downloads Medium CVE-2024-3837: Use after free in QUIC Medium CVE-2024-3838: Inappropriate implementation in Autofill Medium CVE-2024-3839: Out of bounds read in Fonts Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation Medium CVE-2024-3841: Insufficient data validation in Browser Switcher Medium CVE-2024-3843: Insufficient data validation in Downloads Low CVE-2024-3844: Inappropriate implementation in Extensions Low CVE-2024-3845: Inappropriate implementation in Network Low CVE-2024-3846: Inappropriate implementation in Prompts Low CVE-2024-3847: Insufficient policy enforcement in WebUI update to 123.0.6312.122 High CVE-2024-3157: Out of bounds write in Compositing High CVE-2024-3516: Heap buffer overflow in ANGLE High CVE-2024-3515: Use after free in Dawn -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 24 2024 Than Ngo <than@xxxxxxxxxx> - 124.0.6367.78-1 - update to 124.0.6367.78 * Critical CVE-2024-4058: Type Confusion in ANGLE * High CVE-2024-4059: Out of bounds read in V8 API * High CVE-2024-4060: Use after free in Dawn * Sat Apr 20 2024 Than Ngo <than@xxxxxxxxxx> - 124.0.6367.60-2 - fix waylang regression * Tue Apr 16 2024 Than Ngo <than@xxxxxxxxxx> - 124.0.6367.60-1 - update to 124.0.6367.60 * Thu Apr 11 2024 Than Ngo <than@xxxxxxxxxx> - 123.0.6312.122-1 - update to 123.0.6312.122 * High CVE-2024-3157: Out of bounds write in Compositing * High CVE-2024-3516: Heap buffer overflow in ANGLE * High CVE-2024-3515: Use after free in Dawn -------------------------------------------------------------------------------- References: [ 1 ] Bug #2274473 - CVE-2024-3157 CVE-2024-3515 CVE-2024-3516 chromium: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2274473 [ 2 ] Bug #2274695 - CVE-2023-49528 chromium: FFmpeg: Heap Buffer Overflow vulnerability [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2274695 [ 3 ] Bug #2275548 - CVE-2024-3833 CVE-2024-3834 CVE-2024-3837 CVE-2024-3839 CVE-2024-3840 CVE-2024-3841 CVE-2024-3843 CVE-2024-3844 CVE-2024-3845 CVE-2024-3846 CVE-2024-3847 chromium: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2275548 [ 4 ] Bug #2275815 - CVE-2024-3914 chromium: chromium-browser: use after free in V8 [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2275815 [ 5 ] Bug #2275841 - CVE-2024-31578 CVE-2024-31581 CVE-2024-31582 CVE-2024-31585 chromium: ffmpeg: multiple vulnerabilities [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2275841 [ 6 ] Bug #2276116 - CVE-2023-49501 CVE-2023-49502 CVE-2023-51791 CVE-2023-51792 CVE-2023-51793 chromium: ffmpeg: multiple vulnerabilities [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2276116 [ 7 ] Bug #2276123 - CVE-2023-51795 CVE-2023-51796 CVE-2023-51797 CVE-2023-51798 chromium: ffmpeg: multiple vulnerabilites [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2276123 [ 8 ] Bug #2276130 - CVE-2023-50007 CVE-2023-50008 CVE-2023-50009 CVE-2023-50010 chromium: ffmpeg: multiple vulnerabilitites [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2276130 [ 9 ] Bug #2276890 - CVE-2024-4058 chromium: chromium-browser: Type Confusion in ANGLE [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2276890 [ 10 ] Bug #2276891 - CVE-2024-4058 chromium: chromium-browser: Type Confusion in ANGLE [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2276891 -------------------------------------------------------------------------------- ================================================================================ csdiff-3.2.2-1.el9 (FEDORA-EPEL-2024-4b28e2b3df) Non-interactive tools for processing code scan results in plain-text -------------------------------------------------------------------------------- Update Information: propagate the imp flag as level in the SARIF format (#173) tweak key event matching in the Coverity parser (#172) tweak rules for ignoring duplicated version strings in kernel results (#171) read column numbers from the Coverity v10 JSON format (#169) propagate endLine/endColumn in the JSON and SARIF formats (#167) -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 25 2024 Kamil Dudka <kdudka@xxxxxxxxxx> 3.2.2-1 - update to latest upstream release -------------------------------------------------------------------------------- ================================================================================ neomutt-20240425-1.el9 (FEDORA-EPEL-2024-cca9f9865c) Text mode Mail Client -------------------------------------------------------------------------------- Update Information: NeoMutt 2024-04-25 This is a small Bug-Fix Release. In particular, it fixes a few small quirks in the new Expando code. Release Notes: https://github.com/neomutt/neomutt/releases/tag/20240425 -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 25 2024 Richard Russon <rich@xxxxxxxxxxx> - 20240425-1 - Bug Fixes - #4263 fix: cache naming - #4261 expando: fix conditional padding - #4261 expando: fix container - #4261 expando: add lower-case operator - #4261 expando: add external filter - imap: add mailboxes more directly - Translations - trans: tidy messages - Docs - doxy: add missing params - Build - #4268 Filter out CFLAGS with paths from the output of '-v' - #4273 guard truecolor functions in tests - #4275 use homebrew in macOS build - Code - use Buffer rather than strcat() - ncrypt: use gpgme types consistently -------------------------------------------------------------------------------- ================================================================================ rust-async-io-2.3.2-1.el9 (FEDORA-EPEL-2024-45146e0b71) Async I/O and timers -------------------------------------------------------------------------------- Update Information: Update to version 2.3.2. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 25 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 2.3.2-1 - Update to version 2.3.2; Fixes RHBZ#2268748 -------------------------------------------------------------------------------- ================================================================================ rust-async-process-2.2.2-1.el9 (FEDORA-EPEL-2024-5373fc8b0e) Async interface for working with processes -------------------------------------------------------------------------------- Update Information: Update to version 2.2.2. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 24 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 2.2.2-1 - Update to version 2.2.2; Fixes RHBZ#2276231 -------------------------------------------------------------------------------- ================================================================================ rust-basic-toml-0.1.9-1.el9 (FEDORA-EPEL-2024-5f1acc4c55) Minimal TOML library with few dependencies -------------------------------------------------------------------------------- Update Information: Update to version 0.1.9. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 25 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.1.9-1 - Update to version 0.1.9; Fixes RHBZ#2269097 * Fri Jan 26 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.1.8-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-blake3-1.5.1-1.el9 (FEDORA-EPEL-2024-9775b88036) BLAKE3 hash function -------------------------------------------------------------------------------- Update Information: Update to version 1.5.1. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 25 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 1.5.1-1 - Update to version 1.5.1; Fixes RHBZ#2269132 * Fri Jan 26 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.5.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-bytes-1.6.0-1.el9 (FEDORA-EPEL-2024-09de062bb0) Types and traits for working with bytes -------------------------------------------------------------------------------- Update Information: Update to version 1.6.0. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 25 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 1.6.0-1 - Update to version 1.6.0; Fixes RHBZ#2271119 * Fri Jan 26 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.5.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-curl-0.4.46-1.el9 (FEDORA-EPEL-2024-6f5d9a8992) Rust bindings to libcurl for making HTTP requests -------------------------------------------------------------------------------- Update Information: Update the curl crate to version 0.4.46. Update the curl-sys crate to version 0.4.72. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 25 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.4.46-1 - Update to version 0.4.46; Fixes RHBZ#2263495 -------------------------------------------------------------------------------- ================================================================================ rust-curl-sys-0.4.72-1.el9 (FEDORA-EPEL-2024-6f5d9a8992) Native bindings to the libcurl library -------------------------------------------------------------------------------- Update Information: Update the curl crate to version 0.4.46. Update the curl-sys crate to version 0.4.72. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 25 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.4.72-1 - Update to version 0.4.72+curl-8.6.0; Fixes RHBZ#2262290 -------------------------------------------------------------------------------- ================================================================================ rust-deflate64-0.1.8-1.el9 (FEDORA-EPEL-2024-52d9e29907) Deflate64 implementation based on .NET's implementation -------------------------------------------------------------------------------- Update Information: Update to version 0.1.8. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 25 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.1.8-1 - Update to version 0.1.8; Fixes RHBZ#2268966 -------------------------------------------------------------------------------- ================================================================================ rust-erased-serde-0.4.4-1.el9 (FEDORA-EPEL-2024-c7609b1b60) Type-erased Serialize and Serializer traits -------------------------------------------------------------------------------- Update Information: Update to version 0.4.4. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 25 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.4.4-1 - Update to version 0.4.4; Fixes RHBZ#2264824 -------------------------------------------------------------------------------- ================================================================================ rust-fastrand-2.0.2-1.el9 (FEDORA-EPEL-2024-00a88dd680) Simple and fast random number generator -------------------------------------------------------------------------------- Update Information: Update to version 2.0.2. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 25 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 2.0.2-1 - Update to version 2.0.2; Fixes RHBZ#2271251 * Fri Jan 26 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.0.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-futures-timer-3.0.3-1.el9 (FEDORA-EPEL-2024-c8ecc683a0) Timeouts for futures -------------------------------------------------------------------------------- Update Information: Update to version 3.0.3. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 25 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 3.0.3-1 - Update to version 3.0.3; Fixes RHBZ#2265523 * Fri Jan 26 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.0.2-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Fri Jul 21 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.0.2-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Sat May 20 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 3.0.2-10 - Regenerate with rust2rpm v24 * Fri Jan 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.0.2-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-itoa-1.0.11-1.el9 (FEDORA-EPEL-2024-b71a8ffe53) Fast integer primitive to string conversion -------------------------------------------------------------------------------- Update Information: Update to version 1.0.11. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 25 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 1.0.11-1 - Update to version 1.0.11; Fixes RHBZ#2271557 -------------------------------------------------------------------------------- ================================================================================ rust-libloading-0.8.3-1.el9 (FEDORA-EPEL-2024-a8a868f35c) Bindings for native dynamic library loading primitives -------------------------------------------------------------------------------- Update Information: Update to version 0.8.3. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 25 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.8.3-1 - Update to version 0.8.3; Fixes RHBZ#2267996 -------------------------------------------------------------------------------- ================================================================================ rust-os_info-3.8.2-1.el9 (FEDORA-EPEL-2024-972c12594d) Detect the operating system type and version -------------------------------------------------------------------------------- Update Information: Update to version 3.8.2. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 25 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 3.8.2-1 - Update to version 3.8.2; Fixes RHBZ#2271130 -------------------------------------------------------------------------------- ================================================================================ rust-polling-3.7.0-1.el9 (FEDORA-EPEL-2024-e21745ae29) Portable interface to epoll, kqueue, event ports, and IOCP -------------------------------------------------------------------------------- Update Information: Update to version 3.7.0. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 23 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 3.7.0-1 - Update to version 3.7.0; Fixes RHBZ#2271252 -------------------------------------------------------------------------------- ================================================================================ rust-regex-1.10.4-1.el9 (FEDORA-EPEL-2024-61e35af195) Implementation of regular expressions for Rust -------------------------------------------------------------------------------- Update Information: Update to version 1.10.4. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 25 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 1.10.4-1 - Update to version 1.10.4; Fixes RHBZ#2271150 -------------------------------------------------------------------------------- ================================================================================ rust-rust_decimal-1.35.0-1.el9 (FEDORA-EPEL-2024-ffa6aad139) Decimal number implementation written in pure Rust -------------------------------------------------------------------------------- Update Information: Update to version 1.35.0. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 25 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 1.35.0-1 - Update to version 1.35.0; Fixes RHBZ#2271712 -------------------------------------------------------------------------------- ================================================================================ rust-rustix-0.38.34-1.el9 (FEDORA-EPEL-2024-803362308d) Safe Rust bindings to POSIX/Unix/Linux/Winsock-like syscalls -------------------------------------------------------------------------------- Update Information: Update to version 0.38.34. Update to version 0.38.33. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 25 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.38.34-1 - Update to version 0.38.34; Fixes RHBZ#2276512 * Mon Apr 22 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.38.33-1 - Update to version 0.38.33; Fixes RHBZ#2270360 -------------------------------------------------------------------------------- ================================================================================ rust-ryu-1.0.17-1.el9 (FEDORA-EPEL-2024-f5376c4ae7) Fast floating point to string conversion -------------------------------------------------------------------------------- Update Information: Update to version 1.0.17. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 25 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 1.0.17-1 - Update to version 1.0.17; Fixes RHBZ#2264816 -------------------------------------------------------------------------------- ================================================================================ rust-slog-term-2.9.1-1.el9 (FEDORA-EPEL-2024-c6b9f841f6) Unix terminal drain and formatter for slog-rs -------------------------------------------------------------------------------- Update Information: Update to version 2.9.1. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 25 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 2.9.1-1 - Update to version 2.9.1; Fixes RHBZ#2264786 * Sat Jan 27 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.9.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sat Aug 5 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 2.9.0-5 - Regenerate with rust2rpm v24 * Fri Jul 21 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.9.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-socket2-0.5.6-1.el9 (FEDORA-EPEL-2024-cf4abc8a57) Utilities for handling networking sockets -------------------------------------------------------------------------------- Update Information: Update to version 0.5.6. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 25 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.5.6-1 - Update to version 0.5.6; Fixes RHBZ#2265661 * Sat Jan 27 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-thread_local-1.1.8-1.el9 (FEDORA-EPEL-2024-8f900199a7) Per-object thread-local storage -------------------------------------------------------------------------------- Update Information: Update to version 1.1.8. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 25 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 1.1.8-1 - Update to version 1.1.8; Fixes RHBZ#2265199 -------------------------------------------------------------------------------- ================================================================================ rust-tokio-test-0.4.4-1.el9 (FEDORA-EPEL-2024-df92cdac4f) Testing utilities for Tokio- and futures-based code -------------------------------------------------------------------------------- Update Information: Update to version 0.4.4. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 25 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.4.4-1 - Update to version 0.4.4; Fixes RHBZ#2269614 * Sat Jan 27 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.4.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -------------------------------------------------------------------------------- -- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
