The following Fedora EPEL 7 Security updates need testing:

 Age  URL
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-fd5dac4a76   apptainer-1.3.2-1.el7


The following builds have been pushed to Fedora EPEL 7 updates-testing

    chromium-125.0.6422.141-1.el7
    stb-0-0.48.20240531git013ac3b.el7

Details about builds:


================================================================================
 chromium-125.0.6422.141-1.el7 (FEDORA-EPEL-2024-f1162cb3bf)
 A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:

update to 125.0.6422.141
  High CVE-2024-5493: Heap buffer overflow in WebRTC
  High CVE-2024-5494: Use after free in Dawn
  High CVE-2024-5495: Use after free in Dawn
  High CVE-2024-5496: Use after free in Media Session
  High CVE-2024-5497: Out of bounds memory access in Keyboard Inputs
  High CVE-2024-5498: Use after free in Presentation API
  High CVE-2024-5499: Out of bounds write in Streams API
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 31 2024 Than Ngo <than@xxxxxxxxxx> - 125.0.6422.141-1
- update to 125.0.6422.141
  * High CVE-2024-5493: Heap buffer overflow in WebRTC
  * High CVE-2024-5494: Use after free in Dawn
  * High CVE-2024-5495: Use after free in Dawn
  * High CVE-2024-5496: Use after free in Media Session
  * High CVE-2024-5497: Out of bounds memory access in Keyboard Inputs
  * High CVE-2024-5498: Use after free in Presentation API
  * High CVE-2024-5499: Out of bounds write in Streams API
- fixed rhbz#2264332 - Chromium is unable to send/receive video on MS Teams
- cleanup chromium.conf
* Wed May 29 2024 Than Ngo <than@xxxxxxxxxx> - 125.0.6422.112-3
- build against noopenh264
* Tue May 28 2024 Than Ngo <than@xxxxxxxxxx> - 125.0.6422.112-2
- Workaround for build error on pp64le
* Sun May 26 2024 Than Ngo <than@xxxxxxxxxx> - 125.0.6422.112-1
- update to 125.0.6422.112
  * High CVE-2024-5274: Type Confusion in V8
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2283084 - CVE-2024-5274 chromium: chromium-browser: Type Confusion in V8 [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2283084
--------------------------------------------------------------------------------


================================================================================
 stb-0-0.48.20240531git013ac3b.el7 (FEDORA-EPEL-2024-07d513b487)
 Single-file public domain libraries for C/C++
--------------------------------------------------------------------------------
Update Information:

stb_image 2.30: fix gcc bounds-check warning (believed erroneous)
stb_image_resize2 2.07 fix for slow final split during threaded conversions of
very wide scanlines when downsampling (caused by extra input converting), fix
for wide scanline resamples with many splits (int overflow), fix GCC warning.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jun  1 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 0-0.48.20240531git013ac3b
- stb_image 2.30
* Sun May 26 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 0-0.47.20240525git449758b
- stb_image_resize2 2.07
--------------------------------------------------------------------------------