The following Fedora EPEL 8 Security updates need testing:
 Age  URL
  13  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-31d4c55df0   arm-none-eabi-binutils-cs-2.43-1.el8 arm-none-eabi-gcc-cs-12.4.0-1.el8 arm-none-eabi-newlib-4.4.0.20231231-1.el8
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-d7489f4064   python-zipp-0.5.1-4.el8


The following builds have been pushed to Fedora EPEL 8 updates-testing

    PEGTL-2.8.3-2.el8
    chromium-129.0.6668.70-1.el8
    csdiff-3.5.1-1.el8
    csmock-3.7.1-1.el8
    proftpd-1.3.6e-8.el8

Details about builds:


================================================================================
 PEGTL-2.8.3-2.el8 (FEDORA-EPEL-2024-4bca08f0e9)
 Parsing Expression Grammar Template Library
--------------------------------------------------------------------------------
Update Information:

Update License to SPDX.
Switch to CMake, run tests, and ship CMake files.
Update from 2.8.1 to 2.8.3, with some bug fixes:
2.8.2
Fixed parse tree node generation to correctly remove intermediate nodes.
2.8.3
Fixed excessive read-ahead with incremental inputs.
Added state manipulators remove_first_state, remove_last_states, rotate_states_right, rotate_states_left, and reverse_states to contrib.
Reduced the number of intermediate parse tree nodes.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Sep 22 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 2.8.3-2
- Switch to CMake, run tests, and ship CMake files
- Use a better source URL
* Thu Sep  3 2020 Attila Lakatos <alakatos@xxxxxxxxxx> - 2.8.3-1
- Update to 2.8.3
Resolves: rhbz#1742557
--------------------------------------------------------------------------------


================================================================================
 chromium-129.0.6668.70-1.el8 (FEDORA-EPEL-2024-5ec6a4bb83)
 A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:

Update to 129.0.6668.70
  * High CVE-2024-9120: Use after free in Dawn
  * High CVE-2024-9121: Inappropriate implementation in V8
  * High CVE-2024-9122: Type Confusion in V8
  * High CVE-2024-9123: Integer overflow in Skia
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 25 2024 Than Ngo <than@xxxxxxxxxx> - 129.0.6668.70-1
- update to 129.0.6668.70
  * High CVE-2024-9120: Use after free in Dawn
  * High CVE-2024-9121: Inappropriate implementation in V8
  * High CVE-2024-9122: Type Confusion in V8
  * High CVE-2024-9123: Integer overflow in Skia
* Thu Sep 19 2024 Than Ngo <than@xxxxxxxxxx> - 129.0.6668.58-2
- clean up
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2314362 - CVE-2024-7024 chromium: V8 Sandbox Bypass: wasm function signature confusion leading to out of sandbox arbitrary read/write [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2314362
  [ 2 ] Bug #2314363 - CVE-2024-7024 chromium: V8 Sandbox Bypass: wasm function signature confusion leading to out of sandbox arbitrary read/write [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2314363
  [ 3 ] Bug #2314365 - CVE-2024-7022 chromium: out of bounds memory access [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2314365
  [ 4 ] Bug #2314366 - CVE-2024-7022 chromium: out of bounds memory access [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2314366
  [ 5 ] Bug #2314367 - CVE-2024-7020 chromium: Inappropriate implementation in Autofill in Google Chrome [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2314367
  [ 6 ] Bug #2314368 - CVE-2024-7020 chromium: Inappropriate implementation in Autofill in Google Chrome [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2314368
  [ 7 ] Bug #2314369 - CVE-2024-7019 chromium: Inappropriate implementation in UI in Google Chrome [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2314369
  [ 8 ] Bug #2314370 - CVE-2024-7019 chromium: Inappropriate implementation in UI in Google Chrome [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2314370
  [ 9 ] Bug #2314371 - CVE-2024-7018 chromium: Heap buffer overflow in PDF in Google Chrome [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2314371
  [ 10 ] Bug #2314372 - CVE-2024-7018 chromium: Heap buffer overflow in PDF in Google Chrome [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2314372
  [ 11 ] Bug #2314375 - CVE-2023-7282 chromium: domain spoofing in google chrome [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2314375
  [ 12 ] Bug #2314376 - CVE-2023-7282 chromium: domain spoofing in google chrome [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2314376
  [ 13 ] Bug #2314379 - CVE-2023-7281 chromium: Inappropriate implementation in Compositing in Google Chrome [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2314379
--------------------------------------------------------------------------------


================================================================================
 csdiff-3.5.1-1.el8 (FEDORA-EPEL-2024-536d5d7552)
 Non-interactive tools for processing code scan results in plain-text
--------------------------------------------------------------------------------
Update Information:

update to latest upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 25 2024 Kamil Dudka <kdudka@xxxxxxxxxx> - 3.5.1-1
- update to latest upstream release
--------------------------------------------------------------------------------


================================================================================
 csmock-3.7.1-1.el8 (FEDORA-EPEL-2024-536d5d7552)
 A mock wrapper for Static Analysis tools
--------------------------------------------------------------------------------
Update Information:

update to latest upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 25 2024 Kamil Dudka <kdudka@xxxxxxxxxx> - 3.7.1-1
- update to latest upstream
--------------------------------------------------------------------------------


================================================================================
 proftpd-1.3.6e-8.el8 (FEDORA-EPEL-2024-f429921623)
 Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:

This update includes a backport of an upstream fix for high CPU load and poor
performance when changing directory in a large directory tree.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 20 2024 Paul Howarth <paul@xxxxxxxxxxxx> - 1.3.6e-8
- Add fix for slow accesses in large directory trees (rhbz#2310341)
  - http://bugs.proftpd.org/show_bug.cgi?id=4307
  - https://github.com/proftpd/proftpd/pull/525
--------------------------------------------------------------------------------

--
_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue