The following Fedora EPEL 8 Security updates need testing:

 Age  URL
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-d40458db4b   trafficserver-9.2.5-1.el8


The following builds have been pushed to Fedora EPEL 8 updates-testing

    chromium-127.0.6533.72-1.el8
    xorgxrdp-0.10.2-1.el8

Details about builds:


================================================================================
 chromium-127.0.6533.72-1.el8 (FEDORA-EPEL-2024-08de4453df)
 A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:

update to 127.0.6533.72

  * CVE-2024-6988: Use after free in Downloads
  * CVE-2024-6989: Use after free in Loader
  * CVE-2024-6991: Use after free in Dawn
  * CVE-2024-6992: Out of bounds memory access in ANGLE
  * CVE-2024-6993: Inappropriate implementation in Canvas
  * CVE-2024-6994: Heap buffer overflow in Layout
  * CVE-2024-6995: Inappropriate implementation in Fullscreen
  * CVE-2024-6996: Race in Frames
  * CVE-2024-6997: Use after free in Tabs
  * CVE-2024-6998: Use after free in User Education
  * CVE-2024-6999: Inappropriate implementation in FedCM
  * CVE-2024-7000: Use after free in CSS. Reported by Anonymous
  * CVE-2024-7001: Inappropriate implementation in HTML
  * CVE-2024-7003: Inappropriate implementation in FedCM
  * CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing
  * CVE-2024-7005: Insufficient validation of untrusted input in Safe
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 24 2024 Than Ngo <than@xxxxxxxxxx> - 127.0.6533.72-1
- update to 127.0.6533.72
  * CVE-2024-6988: Use after free in Downloads
  * CVE-2024-6989: Use after free in Loader
  * CVE-2024-6991: Use after free in Dawn
  * CVE-2024-6992: Out of bounds memory access in ANGLE
  * CVE-2024-6993: Inappropriate implementation in Canvas
  * CVE-2024-6994: Heap buffer overflow in Layout
  * CVE-2024-6995: Inappropriate implementation in Fullscreen
  * CVE-2024-6996: Race in Frames
  * CVE-2024-6997: Use after free in Tabs
  * CVE-2024-6998: Use after free in User Education
  * CVE-2024-6999: Inappropriate implementation in FedCM
  * CVE-2024-7000: Use after free in CSS. Reported by Anonymous
  * CVE-2024-7001: Inappropriate implementation in HTML
  * CVE-2024-7003: Inappropriate implementation in FedCM
  * CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing
  * CVE-2024-7005: Insufficient validation of untrusted input in Safe
* Sat Jul 20 2024 Than Ngo <than@xxxxxxxxxx> - 126.0.6478.182-2
- fix condition for is_cfi/use_thin_lto on aarch64/ppc64le
- update powerpc patches
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2299576 - 127.0.6533.72 released, fixing many CVEs
        https://bugzilla.redhat.com/show_bug.cgi?id=2299576
  [ 2 ] Bug #2299689 - Adopt the ppc64le patches from OpenPOWER patchset
        https://bugzilla.redhat.com/show_bug.cgi?id=2299689
--------------------------------------------------------------------------------


================================================================================
 xorgxrdp-0.10.2-1.el8 (FEDORA-EPEL-2024-a30e3457fd)
 Implementation of xrdp backend as Xorg modules
--------------------------------------------------------------------------------
Update Information:

New features

  - Check list of support devices in glamor (backport of #322)
  - Support NULL cursors and large mono cursors (#320, backport of #323)

Bug fixes

  - Separate out key frame request from MAX_INT frame ACK. This prevents some
    cases of screen corruption on multi-monitor setups (backport of #288)
  - Fixes complex dirty region causing overflow of xrdp comms buffer (#318,
    backport of #319)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 31 2024 Bojan Smojver <bojan@xxxxxxxxxxxxx> - 0.10.2-1
- Bump up to 0.10.2
* Sat Jul 20 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.10.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2268719 - xorgxrdp-0.10.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2268719
--------------------------------------------------------------------------------

--
_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue