The following Fedora EPEL 8 Security updates need testing: Age URL 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-5efb0dbd99 ImageMagick-6.9.13.14-1.el8 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-2d8a766d53 tor-0.4.8.12-2.el8 The following builds have been pushed to Fedora EPEL 8 updates-testing SDL_sound-1.0.3-37.el8 chromium-127.0.6533.99-1.el8 fts-rest-client-3.13.2-1.el8 pagure-dist-git-1.15-1.el8 perl-CDB_File-1.05-15.el8 Details about builds: ================================================================================ SDL_sound-1.0.3-37.el8 (FEDORA-EPEL-2024-6650255146) Library handling decoding of several popular sound file formats -------------------------------------------------------------------------------- Update Information: epel build -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 17 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.3-37 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Mon Jan 22 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.3-36 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Fri Jan 19 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.3-35 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Wed Jul 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.3-34 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Wed Jan 18 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.3-33 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Tue Sep 13 2022 Michel Alexandre Salim <salimma@xxxxxxxxxxxxxxxxx> - 1.0.3-32 - Rebuilt for flac 1.4.0 * Wed Jul 20 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.3-31 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Sat Apr 2 2022 Hans de Goede <hdegoede@xxxxxxxxxx> - 1.0.3-30 - Remove /usr/bin/playsound* from the package to avoid conflict with SDL2_sound, users who want this should use SDL2_sound (#2069453) * Wed Jan 19 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.3-29 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Wed Jul 21 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.3-28 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Mon Jan 25 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.3-27 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Mon Jul 27 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.3-26 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue Jan 28 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.3-25 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Wed Jul 24 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.3-24 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Thu Jan 31 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.3-23 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Thu Jul 12 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.3-22 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Wed Mar 28 2018 Hans de Goede <j.w.r.degoede@xxxxxx> - 1.0.3-21 - Fix FTBFS (rhbz#1555579) - Enable mp3 support now that it is allowed in Fedora (rhbz#1561308) * Wed Feb 7 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.3-20 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Wed Aug 2 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.3-19 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Wed Jul 26 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.3-18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Fri Feb 10 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.3-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Wed Feb 3 2016 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.3-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild * Tue Jun 16 2015 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.3-15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Fri Aug 15 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.3-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Fri Jun 6 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.3-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri Aug 2 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.3-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed Feb 13 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.3-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Wed Jul 18 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.3-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Thu Jan 12 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.3-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Fri Dec 9 2011 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.0.3-8 - rebuild again * Fri Dec 9 2011 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.0.3-7 - rebuild * Mon Feb 7 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.3-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Tue Jun 1 2010 Ville Skyttä <ville.skytta@xxxxxx> - 1.0.3-5 - Rebuild. * Thu Aug 20 2009 Warren Togami <wtogami@xxxxxxxxxx> - 1.0.3-4 - rebuild * Fri Jul 24 2009 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Mon Feb 23 2009 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Mon Apr 21 2008 Hans de Goede <j.w.r.degoede@xxxxxx> 1.0.3-1 - New upstream release 1.0.3 * Sun Feb 17 2008 Hans de Goede <j.w.r.degoede@xxxxxx> 1.0.1-9 - Rebuild for new libmikmod - Rebuild with gcc 4.3 - Stop shipping pre-generated doxygen docs, now that doxygen is fixed to no longer cause multilib conflicts * Sun Oct 28 2007 Hans de Goede <j.w.r.degoede@xxxxxx> 1.0.1-8 - Stop unnecessary linking to libvorbisenc (bz 355811) * Sun Oct 28 2007 Hans de Goede <j.w.r.degoede@xxxxxx> 1.0.1-7 - Remove support for patented sound formats (not used by any package in the Fedora-verse), submit to Fedora - Only include html version of doxygen docs (not latex source) - Update license tag for new licensing guidelines compliance - Use prebuild doxygen docs to avoid multilib conflicts * Sat Mar 3 2007 Thorsten Leemhuis <fedora [AT] leemhuis [DOT] info> 1.0.1-6 - Rebuild for devel * Sun Dec 3 2006 Christopher Stone <chris.stone@xxxxxxxxx> 1.0.1-5 - Fix livna bug #1181 - Add physfs-devel to BR * Sat Dec 2 2006 Christopher Stone <chris.stone@xxxxxxxxx> 1.0.1-4 - Fix bug #1297 - Whitespace cleanup * Fri Oct 6 2006 Dams <anvil[AT]livna.org> - 1.0.1-3 - Disabled static - devel packages Requires:SDL-devel because SDL_sound.h requires SDL.h - a bit of cleanup * Fri Oct 6 2006 Dams <anvil[AT]livna.org> - 1.0.1-2 - Added disttag * Sat Feb 18 2006 Thorsten Leemhuis <fedora[AT]leemhuis.info> 0:1.0.1-1 - drop epoch, 0.lvn * Fri Nov 21 2003 Panu Matilainen <pmatilai@xxxxxxxxx> 0:1.0.1-0.lvn.1 - Initial RPM release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #2294242 - Please branch and build SDL_sound in epel8/epel9 https://bugzilla.redhat.com/show_bug.cgi?id=2294242 -------------------------------------------------------------------------------- ================================================================================ chromium-127.0.6533.99-1.el8 (FEDORA-EPEL-2024-43f7d896ee) A WebKit (Blink) powered web browser that Google doesn't want you to use -------------------------------------------------------------------------------- Update Information: Update to 127.0.6533.99 * Critical CVE-2024-7532: Out of bounds memory access in ANGLE * High CVE-2024-7533: Use after free in Sharing * High CVE-2024-7550: Type Confusion in V8 * High CVE-2024-7534: Heap buffer overflow in Layout * High CVE-2024-7535: Inappropriate implementation in V8 * High CVE-2024-7536: Use after free in WebAudio -------------------------------------------------------------------------------- ChangeLog: * Wed Aug 7 2024 Than Ngo <than@xxxxxxxxxx> - 127.0.6533.99-1 - update to 127.0.6533.99 * Critical CVE-2024-7532: Out of bounds memory access in ANGLE * High CVE-2024-7533: Use after free in Sharing * High CVE-2024-7550: Type Confusion in V8 * High CVE-2024-7534: Heap buffer overflow in Layout * High CVE-2024-7535: Inappropriate implementation in V8 * High CVE-2024-7536: Use after free in WebAudio * Tue Aug 6 2024 Than Ngo <than@xxxxxxxxxx> - 127.0.6533.88-3 - fix rhbz#2294773 - Allow enabling vulkan on ozone wayland for AMD vaapi - add ppc64le patch to fix runtime assertion trap on ppc64el systems - refresh ppc64le patch to work around broken 64k allocator code on arm64 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2303050 - CVE-2024-7055 chromium: From NVD collector [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2303050 [ 2 ] Bug #2303343 - CVE-2024-6988 chromium: Use after free in Downloads [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2303343 [ 3 ] Bug #2303344 - CVE-2024-6988 chromium: Use after free in Downloads [fedora-39] https://bugzilla.redhat.com/show_bug.cgi?id=2303344 [ 4 ] Bug #2303345 - CVE-2024-6988 chromium: Use after free in Downloads [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2303345 [ 5 ] Bug #2303348 - CVE-2024-7533 chromium: Use after free in Sharing [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2303348 [ 6 ] Bug #2303349 - CVE-2024-7533 chromium: Use after free in Sharing [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2303349 [ 7 ] Bug #2303350 - CVE-2024-7550 chromium: Type Confusion in V8 [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2303350 [ 8 ] Bug #2303351 - CVE-2024-7550 chromium: Type Confusion in V8 [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2303351 [ 9 ] Bug #2303352 - CVE-2024-7534 chromium: Heap buffer overflow in Layout [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2303352 [ 10 ] Bug #2303353 - CVE-2024-7534 chromium: Heap buffer overflow in Layout [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2303353 [ 11 ] Bug #2303354 - CVE-2024-6989 chromium: Use after free in Loader [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2303354 [ 12 ] Bug #2303355 - CVE-2024-6989 chromium: Use after free in Loader [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2303355 [ 13 ] Bug #2303356 - CVE-2024-7535 chromium: Inappropriate implementation in V8 [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2303356 [ 14 ] Bug #2303357 - CVE-2024-7535 chromium: Inappropriate implementation in V8 [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2303357 [ 15 ] Bug #2303359 - CVE-2024-7536 chromium: Use after free in WebAudio [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2303359 -------------------------------------------------------------------------------- ================================================================================ fts-rest-client-3.13.2-1.el8 (FEDORA-EPEL-2024-299f4376a1) File Transfer Service (FTS) -- Python3 Client and CLI -------------------------------------------------------------------------------- Update Information: New upstream release v3.13.2 -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 8 2024 Mihai Patrascoiu <mihai.patrascoiu@xxxxxxx> - 3.13.2-1 - New upstream release 3.13.2 * Wed Jul 24 2024 Miroslav Suchý <msuchy@xxxxxxxxxx> - 3.13.1-4 - convert license to SPDX * Wed Jul 17 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.13.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Fri Jun 7 2024 Python Maint <python-maint@xxxxxxxxxx> - 3.13.1-2 - Rebuilt for Python 3.13 -------------------------------------------------------------------------------- ================================================================================ pagure-dist-git-1.15-1.el8 (FEDORA-EPEL-2024-d8d0bbc99c) Pagure Git auth backend for Dist-Git setups -------------------------------------------------------------------------------- Update Information: Update to version 1.15, which removes PDC checks and adds the ability to push to epel10 branches. -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 8 2024 Carl George <carlwgeorge@xxxxxxxxxxxxxxxxx> - 1.15-1 - Update to 1.15 to resolve epel10 issue - https://pagure.io/releng/issue/12236 * Thu Jun 27 2024 Tomas Hrcka <thrcka@xxxxxxxxxx> - 1.14-1 - Update to 1.14 - Remove pdc from plugin.py - Remove pdc query from is_supported_branch function -------------------------------------------------------------------------------- References: [ 1 ] Bug #2149613 - pagure-dist-git-1.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=2149613 -------------------------------------------------------------------------------- ================================================================================ perl-CDB_File-1.05-15.el8 (FEDORA-EPEL-2024-466edac2c3) Perl extension for access to cdb databases -------------------------------------------------------------------------------- Update Information: upgrade to 1.05 -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 5 2024 Miroslav Suchý <msuchy@xxxxxxxxxx> - 1.05-15 - convert license to SPDX * Thu Jul 18 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.05-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Mon Jun 10 2024 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1.05-13 - Perl 5.40 rebuild * Thu Jan 25 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.05-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.05-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Thu Jul 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.05-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Tue Jul 11 2023 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1.05-9 - Perl 5.38 rebuild * Fri Jan 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.05-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Fri Jul 22 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.05-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Tue May 31 2022 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1.05-6 - Perl 5.36 rebuild * Thu Jan 20 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.05-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Thu Jul 22 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.05-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Fri May 21 2021 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1.05-3 - Perl 5.34 rebuild * Tue Jan 26 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.05-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Tue Dec 15 2020 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1.05-1 - upgrade to 1.05 (RHBZ#1897829) - specify all dependencies * Tue Jul 28 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.02-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue Jun 23 2020 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1.02-2 - Perl 5.32 rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2028353 - Request to update perl-CDB_File to 1.03 (or newer) https://bugzilla.redhat.com/show_bug.cgi?id=2028353 --------------------------------------------------------------------------------
-- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue