The following Fedora EPEL 8 Security updates need testing:

 Age  URL
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-6327fb701b   stb-0-0.45.20240213gitae721c5.el8
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-f7310355bb   djvulibre-3.5.28-5.el8

The following builds have been pushed to Fedora EPEL 8 updates-testing

    chromium-124.0.6367.155-1.el8
    gpgme1.22-1.22.0-2.el8
    libavc1394-0.5.4-23.el8
    netdata-1.45.4-1.el8
    python-tkrzw-0.1.31-1.el8
    python39-pyrsistent-epel-0.17.3-1.el8
    squashfs-tools-ng-1.3.1-2.el8
    tkrzw-1.0.29-1.el8

Details about builds:

================================================================================
 chromium-124.0.6367.155-1.el8 (FEDORA-EPEL-2024-ac000e6379)
 A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:

update to 124.0.6367.155
  High CVE-2024-4558: Use after free in ANGLE
  High CVE-2024-4559: Heap buffer overflow in WebAudio
update to 124.0.6367.118
  High CVE-2024-4331: Use after free in Picture In Picture
  High CVE-2024-4368: Use after free in Dawn
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 8 2024 Than Ngo <than@xxxxxxxxxx> - 124.0.6367.155-1
- update to 124.0.6367.155
  * High CVE-2024-4558: Use after free in ANGLE
  * High CVE-2024-4559: Heap buffer overflow in WebAudio
* Sun May 5 2024 Than Ngo <than@xxxxxxxxxx> - 124.0.6367.118-2
- fixed build errors on el8
- refreshed clean_ffmpeg.sh
- added missing files for bundle ffmpeg
* Wed May 1 2024 Than Ngo <than@xxxxxxxxxx> - 124.0.6367.118-1
- update to 124.0.6367.118
  * High CVE-2024-4331: Use after free in Picture In Picture
  * High CVE-2024-4368: Use after free in Dawn
- use system highway
* Sat Apr 27 2024 Than Ngo <than@xxxxxxxxxx> - 124.0.6367.91-1
- update to 124.0.6367.91
- fixed bz#2277228 - chromium wrapper causes library issues (symbol lookup error)
- use system dav1d
* Wed Apr 24 2024 Than Ngo <than@xxxxxxxxxx> - 124.0.6367.78-1
- update to 124.0.6367.78
  * Critical CVE-2024-4058: Type Confusion in ANGLE
  * High CVE-2024-4059: Out of bounds read in V8 API
  * High CVE-2024-4060: Use after free in Dawn
* Sat Apr 20 2024 Than Ngo <than@xxxxxxxxxx> - 124.0.6367.60-2
- fix wayland regression
* Tue Apr 16 2024 Than Ngo <than@xxxxxxxxxx> - 124.0.6367.60-1
- update to 124.0.6367.60
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2274695 - CVE-2023-49528 chromium: FFmpeg: Heap Buffer Overflow vulnerability [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2274695
  [ 2 ] Bug #2275841 - CVE-2024-31578 CVE-2024-31581 CVE-2024-31582 CVE-2024-31585 chromium: ffmpeg: multiple vulnerabilities [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2275841
  [ 3 ] Bug #2276116 - CVE-2023-49501 CVE-2023-49502 CVE-2023-51791 CVE-2023-51792 CVE-2023-51793 chromium: ffmpeg: multiple vulnerabilities [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2276116
  [ 4 ] Bug #2276123 - CVE-2023-51795 CVE-2023-51796 CVE-2023-51797 CVE-2023-51798 chromium: ffmpeg: multiple vulnerabilities [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2276123
  [ 5 ] Bug #2276130 - CVE-2023-50007 CVE-2023-50008 CVE-2023-50009 CVE-2023-50010 chromium: ffmpeg: multiple vulnerabilities [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2276130
  [ 6 ] Bug #2278765 - CVE-2024-4331 chromium: chromium-browser: Use after free in Picture In Picture [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2278765
  [ 7 ] Bug #2278766 - CVE-2024-4331 chromium: chromium-browser: Use after free in Picture In Picture [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2278766
  [ 8 ] Bug #2278770 - CVE-2024-4368 chromium: chromium-browser: Use after free in Dawn [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2278770
  [ 9 ] Bug #2278771 - CVE-2024-4368 chromium: chromium-browser: Use after free in Dawn [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2278771
  [ 10 ] Bug #2279687 - CVE-2024-4559 chromium: chromium-browser: Heap buffer overflow in WebAudio [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2279687
  [ 11 ] Bug #2279688 - CVE-2024-4559 chromium: chromium-browser: Heap buffer overflow in WebAudio [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2279688
  [ 12 ] Bug #2279690 - CVE-2024-4558 chromium: chromium-browser: Use after free in ANGLE [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2279690
--------------------------------------------------------------------------------

================================================================================
 gpgme1.22-1.22.0-2.el8 (FEDORA-EPEL-2024-c1583718b9)
 GnuPG Made Easy - high level crypto API - version 1.22
--------------------------------------------------------------------------------
Update Information:

Patched so it would build with lower libgpgme-error
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 7 2024 Troy Dawson <tdawson@xxxxxxxxxx> - 1.22.0-2
- Patched so it would build with lower libgpgme-error
- Changed variables so it would build on epel8
- Added ldconfig_scriptlets
* Thu Oct 19 2023 Troy Dawson <tdawson@xxxxxxxxxx> - 1.22.0-1
- Converted to a forward compat package from Fedora 40 gpgme
--------------------------------------------------------------------------------

================================================================================
 libavc1394-0.5.4-23.el8 (FEDORA-EPEL-2024-7bce28f6bd)
 Audio/Video Control library for IEEE-1394 devices
--------------------------------------------------------------------------------
Update Information:

Built in EPEL8
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 8 2024 Antonio Trande <sagitter@xxxxxxxxxxxxxxxxx> - 0.5.4-23
- Fix patch command
* Thu Jan 25 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.4-22
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.4-21
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.4-20
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.4-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jul 21 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.4-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.4-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.4-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.4-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.4-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu Apr 16 2020 Antonio Trande <sagitter@xxxxxxxxxxxxxxxxx> - 0.5.4-13
- Some minor fixes
* Wed Jan 29 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.4-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jul 25 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.4-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 1 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.4-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.4-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Feb 22 2018 Antonio Trande <sagitter@xxxxxxxxxxxxxxxxx> - 0.5.4-8
- Add gcc BR
* Fri Feb 16 2018 Antonio Trande <sagitter@xxxxxxxxxxxxxxxxx> - 0.5.4-7
- Use %ldconfig_scriptlets
* Wed Feb 7 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.4-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug 3 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Sun Aug 21 2016 Antonio Trande <sagitter@xxxxxxxxxxxxxxxxx> - 0.5.4-2
- Some minor fixes
* Sat Aug 20 2016 Antonio Trande <sagitter@xxxxxxxxxxxxxxxxx> - 0.5.4-1
- Update to 0.5.4 (bz#628157)
- Patch updated
- Use %license
* Thu Feb 4 2016 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.3-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5.3-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sat Feb 21 2015 Till Maas <opensource@xxxxxxxxx> - 0.5.3-17
- Rebuilt for Fedora 23 Change
  https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5.3-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5.3-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5.3-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5.3-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5.3-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5.3-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Mon Feb 7 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5.3-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5.3-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Wed Jun 10 2009 Jarod Wilson <jarod@xxxxxxxxxx> 0.5.3-8
- Fix duplicate global symbols in libavc1394 vs. librom1394 (#216143)
* Mon May 18 2009 Jarod Wilson <jarod@xxxxxxxxxx> 0.5.3-7
- Use included libtool, kill rpath a different way (#225988)
* Mon May 18 2009 Jarod Wilson <jarod@xxxxxxxxxx> 0.5.3-6
- Fix up merge review issues (#225988)
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Tue Aug 5 2008 Tom "spot" Callaway <tcallawa@xxxxxxxxxx> 0.5.3-4
- fix license tag
* Tue Jul 22 2008 Jarod Wilson <jwilson@xxxxxxxxxx> 0.5.3-3
- Bump and rebuild for libraw1394 v2.0.0
* Thu Feb 14 2008 Jarod Wilson <jwilson@xxxxxxxxxx> - 0.5.3-2
- Bump and rebuild with gcc 4.3
* Sun Sep 10 2006 Jarod Wilson <jwilson@xxxxxxxxxx> - 0.5.3-1
- Upstream release 0.5.3
* Wed Jul 12 2006 Jesse Keating <jkeating@xxxxxxxxxx> - 0.5.1-2.2.1
- rebuild
* Fri Feb 10 2006 Jesse Keating <jkeating@xxxxxxxxxx> - 0.5.1-2.2
- bump again for double-long bug on ppc(64)
* Tue Feb 7 2006 Jesse Keating <jkeating@xxxxxxxxxx> - 0.5.1-2.1
- rebuilt for new gcc4.1 snapshot and glibc changes
* Thu Dec 22 2005 Warren Togami <wtogami@xxxxxxxxxx> 0.5.1-2
- remove .a and .la (#172641)
- GPL -> LGPL (#165908)
* Fri Dec 9 2005 Jesse Keating <jkeating@xxxxxxxxxx>
- rebuilt
* Thu Nov 10 2005 Matthias Saou <http://freshrpms.net/> 0.5.1-1
- Update to 0.5.1.
- Update librom patch to still apply cleanly.
* Sat Oct 15 2005 Florian La Roche <laroche@xxxxxxxxxx>
- make sure librom1394 is linked to libraw1394 and also libavc1394 is linked to librom1394 (also bz 156938)
* Wed Mar 16 2005 Elliot Lee <sopwith@xxxxxxxxxx>
- rebuilt
* Mon Feb 28 2005 Warren Togami <wtogami@xxxxxxxxxx> 0.4.1-7
- gcc4 rebuild
* Sun Feb 6 2005 Warren Togami <wtogami@xxxxxxxxxx> 0.4.1-6
- rebuild against new libraw1394
* Mon Jan 3 2005 Colin Walters <walters@xxxxxxxxxx> 0.4.1-5
- Rerun autotools in attempt to get package to link to -lm
- Add patch libavc1394-0.4.1-kill-configure-insanity.patch
* Mon Nov 22 2004 Karsten Hopp <karsten@xxxxxxxxx> 0.4.1-4
- remove bogus ldconfig after makeinstall
* Fri Jul 30 2004 Florian La Roche <Florian.LaRoche@xxxxxxxxx>
- add symlinks for ldconfig
* Tue Jun 15 2004 Elliot Lee <sopwith@xxxxxxxxxx>
- rebuilt
* Tue Mar 2 2004 Elliot Lee <sopwith@xxxxxxxxxx>
- rebuilt
* Thu Feb 12 2004 Warren Togami <wtogami@xxxxxxxxxx> 0.4.1-1
- upgrade to 0.4.1
- Spec cleanups
- License -> Copyright
- Remove INSTALL; Add News, ChangeLog
- Applications/Multimedia -> System Environment/Libraries
* Mon Aug 25 2003 Bill Nottingham <notting@xxxxxxxxxx> 0.3.1-7
- fix buildreqs (#102204)
* Wed Jun 4 2003 Elliot Lee <sopwith@xxxxxxxxxx>
- rebuilt
* Wed Jan 22 2003 Tim Powers <timp@xxxxxxxxxx>
- rebuilt
* Thu Dec 12 2002 Tim Powers <timp@xxxxxxxxxx> 0.3.1-4
- rebuild on all arches
* Wed Nov 20 2002 Florian La Roche <Florian.LaRoche@xxxxxxxxx>
- exclude mainframe
- allow lib64
* Fri Jun 21 2002 Tim Powers <timp@xxxxxxxxxx>
- automated rebuild
* Sun Jun 9 2002 Michael Fulbright <msf@xxxxxxxxxx>
- First RPM build
--------------------------------------------------------------------------------

================================================================================
 netdata-1.45.4-1.el8 (FEDORA-EPEL-2024-1a56d4ac2a)
 Real-time performance monitoring
--------------------------------------------------------------------------------
Update Information:

Update from upstream
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 9 2024 Didier Fabert <didier.fabert@xxxxxxxxx> 1.45.4-1
- Update from upstream
* Sat Apr 13 2024 Didier Fabert <didier.fabert@xxxxxxxxx> 1.45.3-1
- Update from upstream
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2279845 - netdata-1.45.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2279845
--------------------------------------------------------------------------------

================================================================================
 python-tkrzw-0.1.31-1.el8 (FEDORA-EPEL-2024-00e7b2ad9b)
 TKRZW Python bindings
--------------------------------------------------------------------------------
Update Information:

Version bump
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 7 2024 TI_Eugene <ti.eugene@xxxxxxxxx> - 0.1.31-1
- Version bump
* Fri Jan 26 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.1.30-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 22 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.1.30-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jul 21 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.1.30-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Jun 14 2023 Python Maint <python-maint@xxxxxxxxxx> - 0.1.30-2
- Rebuilt for Python 3.12
--------------------------------------------------------------------------------

================================================================================
 python39-pyrsistent-epel-0.17.3-1.el8 (FEDORA-EPEL-2024-87e2cf29f2)
 Persistent/Functional/Immutable data structures
--------------------------------------------------------------------------------
Update Information:

Build for EPEL8
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 8 2024 Orion Poplawski <orion@xxxxxxxx> - 0.17.3-1
- Build for EPEL8 Python 3.9
--------------------------------------------------------------------------------

================================================================================
 squashfs-tools-ng-1.3.1-2.el8 (FEDORA-EPEL-2024-d7f5d14c5f)
 A new set of tools and libraries for working with SquashFS images
--------------------------------------------------------------------------------
Update Information:

Update to upstream 1.3.1 release.
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 9 2024 David Trudgian <david.trudgian@xxxxxxxxx> - 1.3.1-1
- Update to upstream 1.3.1 release.
--------------------------------------------------------------------------------

================================================================================
 tkrzw-1.0.29-1.el8 (FEDORA-EPEL-2024-00e7b2ad9b)
 A straightforward implementation of DBM
--------------------------------------------------------------------------------
Update Information:

Version bump
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 7 2024 TI_Eugene <ti.eugene@xxxxxxxxx> - 1.0.29-1
- Version bump
* Sat Jan 27 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.27-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jul 22 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.27-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------