The following Fedora EPEL 8 Security updates need testing: Age URL 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-43f7d896ee chromium-127.0.6533.99-1.el8 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-fddc73b64e radare2-5.9.4-1.el8 The following builds have been pushed to Fedora EPEL 8 updates-testing mock-core-configs-41.2-1.el8 python-webob-1.8.8-1.el8 zabbix6.0-6.0.33-1.el8 Details about builds: ================================================================================ mock-core-configs-41.2-1.el8 (FEDORA-EPEL-2024-6836ae8e54) Mock core config files basic chroots -------------------------------------------------------------------------------- Update Information: https://rpm-software-management.github.io/mock/Release-Notes-Configs-41.1 -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 15 2024 Pavel Raiskup <praiskup@xxxxxxxxxx> 41.2-1 - fix centos-stream+epel-10-s390x /bin/sed typo * Wed Aug 14 2024 Pavel Raiskup <praiskup@xxxxxxxxxx> 41.1-1 - branch F41 from Rawhide (frostyx@xxxxxxxx) - added centos-stream+epel-10 configs - Enable RPM sysusers integration (j1.kyjovsky@xxxxxxxxx) - Rawhide to accept GPG key from future Fedora Rawhide+1 - openEuler 24.03 LTS (nucleo@xxxxxxxxxxxxxxxxx) - drop fedora-eln-i386 (yselkowi@xxxxxxxxxx) - Switch CentOS 7 to vault.centos.org (robert@xxxxxxxxxxxxxxxxx) - Fix GPG keys for CentOS Stream 10 repositories (daan.j.demeyer@xxxxxxxxx) - EOL epel-7 configuration - CentOS 7 is EOL - Fedora 41+ configuration images are "dnf5 ready" - Use metalinks for c10s {baseos,appstream,crb}-{source,debuginfo} (miro@xxxxxxxxxx) -------------------------------------------------------------------------------- ================================================================================ python-webob-1.8.8-1.el8 (FEDORA-EPEL-2024-ee61987af9) WSGI request and response object -------------------------------------------------------------------------------- Update Information: Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065 -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 15 2024 Ján ONDREJ (SAL) <ondrejj(at)salstar.sk> - 1.8.8-1 - Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065 - pypi_source constructed manually according to project/name case inconsistency - only require legacy-cgi on on systems where it's present - remove python3.9 patch (applied upstream) * Fri Jul 19 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.8.7-15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Sat Jun 15 2024 Mattia Verga <mattia.verga@xxxxxxxxx> - 1.8.7-14 - Explicitly require python3-cgi at runtime (Fedora#2245641) * Fri Jun 14 2024 Mattia Verga <mattia.verga@xxxxxxxxx> - 1.8.7-13 - Require legacy-cgi as build dependency - Fix FTB with Python 3.13 (Fedora#2245641) * Fri Jun 7 2024 Python Maint <python-maint@xxxxxxxxxx> - 1.8.7-12 - Rebuilt for Python 3.13 * Fri Jan 26 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.8.7-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Mon Jan 22 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.8.7-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Fri Jul 21 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.8.7-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Tue Jun 13 2023 Python Maint <python-maint@xxxxxxxxxx> - 1.8.7-8 - Rebuilt for Python 3.12 * Fri Jan 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.8.7-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Fri Jul 22 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.8.7-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Mon Jun 13 2022 Python Maint <python-maint@xxxxxxxxxx> - 1.8.7-5 - Rebuilt for Python 3.11 * Fri Jan 21 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.8.7-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Tue Jul 27 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.8.7-3 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Fri Jun 4 2021 Python Maint <python-maint@xxxxxxxxxx> - 1.8.7-2 - Rebuilt for Python 3.10 * Mon Feb 22 2021 Kevin Fenzi <kevin@xxxxxxxxx> - 1.8.7-1 - Update to 1.8.7. Fixes rhbz#1930010 * Fri Jan 22 2021 Charalampos Stratakis <cstratak@xxxxxxxxxx> - 1.8.6-4 - Switch the test run from nose to pytest * Wed Jul 29 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.8.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Mon May 25 2020 Miro HronÄ?ok <mhroncok@xxxxxxxxxx> - 1.8.6-2 - Rebuilt for Python 3.9 * Sun Mar 22 2020 Carl George <carl@george.computer> - 1.8.6-1 - Latest upstream rhbz#1793857 * Thu Jan 30 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.8.5-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Tue Jan 14 2020 Charalampos Stratakis <cstratak@xxxxxxxxxx> - 1.8.5-5 - Fix Python 3.9 compatibility * Mon Sep 9 2019 Miro HronÄ?ok <mhroncok@xxxxxxxxxx> - 1.8.5-4 - Subpackage python2-webob has been removed See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal * Sat Aug 17 2019 Miro HronÄ?ok <mhroncok@xxxxxxxxxx> - 1.8.5-3 - Rebuilt for Python 3.8 * Fri Jul 26 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.8.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2305065 - CVE-2024-42353 python-webob: WebOb's location header normalization during redirect leads to open redirect [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2305065 -------------------------------------------------------------------------------- ================================================================================ zabbix6.0-6.0.33-1.el8 (FEDORA-EPEL-2024-0214e32cb7) Open-source monitoring solution for your IT infrastructure -------------------------------------------------------------------------------- Update Information: Update to 6.0.33 -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 15 2024 Orion Poplawski <orion@xxxxxxxx> - 6.0.33-1 - Update to 6.0.33 ((CVE-2024-22114, CVE-2024-22122, CVE-2024-22123, CVE-2024-36460, CVE-2024-36461) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2305132 - CVE-2024-36461 zabbix6.0: irect access to memory pointers within the JS engine for modification [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2305132 [ 2 ] Bug #2305136 - CVE-2024-36460 zabbix6.0: Front-end auditlog shows passwords in plaintext [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2305136 [ 3 ] Bug #2305140 - CVE-2024-22123 zabbix6.0: Zabbix Arbitrary File Read [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2305140 [ 4 ] Bug #2305144 - CVE-2024-22122 zabbix6.0: AT(GSM) Command Injection [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2305144 [ 5 ] Bug #2305152 - CVE-2024-22114 zabbix6.0: System Information Widget in Global View Dashboard exposes information about Hosts to Users without Permission [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2305152 --------------------------------------------------------------------------------
-- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue