The following Fedora EPEL 8 Security updates need testing: Age URL 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-d40458db4b trafficserver-9.2.5-1.el8 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-2b876f90b2 xrdp-0.10.1-1.el8 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-5efb0dbd99 ImageMagick-6.9.13.14-1.el8 The following builds have been pushed to Fedora EPEL 8 updates-testing aws-c-cal-0.7.2-1.el8 chromium-127.0.6533.88-2.el8 cscppc-2.2.6-1.el8 csdiff-3.4.1-1.el8 csmock-3.6.1-1.el8 gfal2-2.23.0-1.el8 libmongocrypt-1.11.0-1.el8 scorep-6.0-21.el8 srm-ifce-1.24.7-1.el8 syncthing-1.27.9-1.el8 youtube-dl-2024.08.01.git71223bf-1.el8 Details about builds: ================================================================================ aws-c-cal-0.7.2-1.el8 (FEDORA-EPEL-2024-5168e3434b) AWS Crypto Abstraction Layer -------------------------------------------------------------------------------- Update Information: Automatic update for aws-c-cal-0.7.2-1.el8. Changelog for aws-c-cal * Thu Jul 18 2024 Packit <hello@xxxxxxxxxx> - 0.7.2-1 - Update to version 0.7.2 - Resolves: rhbz#2298632 * Wed Jul 17 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.7.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 18 2024 Packit <hello@xxxxxxxxxx> - 0.7.2-1 - Update to version 0.7.2 - Resolves: rhbz#2298632 * Wed Jul 17 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.7.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2298632 - aws-c-cal-0.7.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2298632 -------------------------------------------------------------------------------- ================================================================================ chromium-127.0.6533.88-2.el8 (FEDORA-EPEL-2024-b57653699c) A WebKit (Blink) powered web browser that Google doesn't want you to use -------------------------------------------------------------------------------- Update Information: update to 127.0.6533.88 Critical CVE-2024-6990: Uninitialized Use in Dawn High CVE-2024-7255: Out of bounds read in WebTransport High CVE-2024-7256: Insufficient data validation in Dawn update to 127.0.6533.72 * CVE-2024-6988: Use after free in Downloads * CVE-2024-6989: Use after free in Loader * CVE-2024-6991: Use after free in Dawn * CVE-2024-6992: Out of bounds memory access in ANGLE * CVE-2024-6993: Inappropriate implementation in Canvas * CVE-2024-6994: Heap buffer overflow in Layout * CVE-2024-6995: Inappropriate implementation in Fullscreen * CVE-2024-6996: Race in Frames * CVE-2024-6997: Use after free in Tabs * CVE-2024-6998: Use after free in User Education * CVE-2024-6999: Inappropriate implementation in FedCM * CVE-2024-7000: Use after free in CSS. Reported by Anonymous * CVE-2024-7001: Inappropriate implementation in HTML * CVE-2024-7003: Inappropriate implementation in FedCM * CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing * CVE-2024-7005: Insufficient validation of untrusted input in Safe -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 1 2024 Than Ngo <than@xxxxxxxxxx> - 127.0.6533.88-2 - remove old patch that seems to be the cause of a crash when the user set user.max_user_namespaces to 0 * Wed Jul 31 2024 Than Ngo <than@xxxxxxxxxx> - 127.0.6533.88-1 - update to 127.0.6533.88 * Wed Jul 24 2024 Than Ngo <than@xxxxxxxxxx> - 127.0.6533.72-1 - update to 127.0.6533.72 * CVE-2024-6988: Use after free in Downloads * CVE-2024-6989: Use after free in Loader * CVE-2024-6991: Use after free in Dawn * CVE-2024-6992: Out of bounds memory access in ANGLE * CVE-2024-6993: Inappropriate implementation in Canvas * CVE-2024-6994: Heap buffer overflow in Layout * CVE-2024-6995: Inappropriate implementation in Fullscreen * CVE-2024-6996: Race in Frames * CVE-2024-6997: Use after free in Tabs * CVE-2024-6998: Use after free in User Education * CVE-2024-6999: Inappropriate implementation in FedCM * CVE-2024-7000: Use after free in CSS. Reported by Anonymous * CVE-2024-7001: Inappropriate implementation in HTML * CVE-2024-7003: Inappropriate implementation in FedCM * CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing * CVE-2024-7005: Insufficient validation of untrusted input in Safe * Sat Jul 20 2024 Than Ngo <than@xxxxxxxxxx> - 126.0.6478.182-2 - fix condition for is_cfi/use_thin_lto on aarch64/ppc64le - update powerpc patches -------------------------------------------------------------------------------- References: [ 1 ] Bug #2299576 - 127.0.6533.72 released, fixing many CVEs https://bugzilla.redhat.com/show_bug.cgi?id=2299576 [ 2 ] Bug #2299689 - Adopt the ppc64le patches from OpenPOWER patchset https://bugzilla.redhat.com/show_bug.cgi?id=2299689 -------------------------------------------------------------------------------- ================================================================================ cscppc-2.2.6-1.el8 (FEDORA-EPEL-2024-551e413775) A compiler wrapper that runs Cppcheck in background -------------------------------------------------------------------------------- Update Information: update to latest upstream release -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 2 2024 Kamil Dudka <kdudka@xxxxxxxxxx> 2.2.6-1 - update to latest upstream release -------------------------------------------------------------------------------- ================================================================================ csdiff-3.4.1-1.el8 (FEDORA-EPEL-2024-551e413775) Non-interactive tools for processing code scan results in plain-text -------------------------------------------------------------------------------- Update Information: update to latest upstream release -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 2 2024 Kamil Dudka <kdudka@xxxxxxxxxx> - 3.4.1-1 - update to latest upstream release -------------------------------------------------------------------------------- ================================================================================ csmock-3.6.1-1.el8 (FEDORA-EPEL-2024-551e413775) A mock wrapper for Static Analysis tools -------------------------------------------------------------------------------- Update Information: update to latest upstream release -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 2 2024 Kamil Dudka <kdudka@xxxxxxxxxx> - 3.6.1-1 - update to latest upstream -------------------------------------------------------------------------------- ================================================================================ gfal2-2.23.0-1.el8 (FEDORA-EPEL-2024-8ebdfb5eaa) Grid file access library 2.0 -------------------------------------------------------------------------------- Update Information: New upstream release v2.23.0 -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 2 2024 Mihai Patrascoiu <mihai.patrascoiu@xxxxxxx> - 2.23.0-1 - Upstream release 2.23.0 * Wed Jul 24 2024 Miroslav Suchý <msuchy@xxxxxxxxxx> - 2.22.2-3 - convert license to SPDX * Thu Jul 18 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.22.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ libmongocrypt-1.11.0-1.el8 (FEDORA-EPEL-2024-90d3d1015a) The companion C library for client side encryption in drivers -------------------------------------------------------------------------------- Update Information: Version 1.11.0 New features Support range algorithm as stable. -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 2 2024 Remi Collet <remi@xxxxxxxxxxxx> - 1.11.0-1 - update to 1.11.0 -------------------------------------------------------------------------------- ================================================================================ scorep-6.0-21.el8 (FEDORA-EPEL-2024-ba19a61736) Scalable Performance Measurement Infrastructure for Parallel Codes -------------------------------------------------------------------------------- Update Information: Rebuild for clang 17 -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 2 2024 Orion Poplawski <orion@xxxxxxxx> - 6.0-21 - Rebuild for clang 17 (RHEL 8.10) -------------------------------------------------------------------------------- ================================================================================ srm-ifce-1.24.7-1.el8 (FEDORA-EPEL-2024-eea0d555f5) SRM client side library -------------------------------------------------------------------------------- Update Information: New upstream release v1.24.7 -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 2 2024 Mihai Patrascoiu <mihai.patrascoiu@xxxxxxx> - 1.24.7-1 - Upstream release 1.24.7 * Wed Jul 24 2024 Miroslav Suchý <msuchy@xxxxxxxxxx> - 1.24.6-5 - convert license to SPDX * Sat Jul 20 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.24.6-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Sat Jan 27 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.24.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sat Jul 22 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.24.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ syncthing-1.27.9-1.el8 (FEDORA-EPEL-2024-c93aaf4031) Continuous File Synchronization -------------------------------------------------------------------------------- Update Information: Update to version 1.27.9. Release notes: 1.27.8: https://github.com/syncthing/syncthing/releases/tag/v1.27.8 1.27.9: https://github.com/syncthing/syncthing/releases/tag/v1.27.9 -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 2 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 1.27.9-1 - Update to version 1.27.9; Fixes RHBZ#2290442 -------------------------------------------------------------------------------- ================================================================================ youtube-dl-2024.08.01.git71223bf-1.el8 (FEDORA-EPEL-2024-8d34fbe41a) A small command-line program to download online videos -------------------------------------------------------------------------------- Update Information: Update to latest snapshot -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 2 2024 David Bold <davidsch@xxxxxxxxxxxxxxxxx> - 2024.08.01.git71223bf-1 - Update to latest git snapshot 71223bf from 2024.08.01 * Mon Jul 29 2024 David Bold <davidsch@xxxxxxxxxxxxxxxxx> - 2024.07.25.gite1b3fa2-1 - Update to latest git snapshot e1b3fa2 from 2024.07.25 --------------------------------------------------------------------------------
-- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue