The following Fedora EPEL 9 Security updates need testing:
 Age  URL
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-e7551e4450   oath-toolkit-2.6.12-1.el9

The following builds have been pushed to Fedora EPEL 9 updates-testing

    nextcloud-29.0.8-1.el9
    python-irodsclient-2.2.0-1.el9
    python-rpmautospec-0.7.3-1.el9
    retsnoop-0.10.1-1.el9
    rust-procs-0.14.6-1.el9
    rust-pyo3-0.22.4-1.el9
    rust-pyo3-build-config-0.22.4-1.el9
    rust-pyo3-ffi-0.22.4-1.el9
    rust-pyo3-macros-0.22.4-1.el9
    rust-pyo3-macros-backend-0.22.4-1.el9
    rust-termbg-0.5.2-1.el9
    testcloud-0.11.3-1.el9
    yarnpkg-1.22.22-5.el9

Details about builds:

================================================================================
 nextcloud-29.0.8-1.el9 (FEDORA-EPEL-2024-67944dae45)
 Private file sync and share server
--------------------------------------------------------------------------------
Update Information:

nextcloud 29.0.8 release RHBZ#2310687
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Andrew Bauer <zonexpertconsulting@xxxxxxxxxxx> - 29.0.8-1
- nextcloud 29.0.8 release RHBZ#2310687
* Thu Sep 5 2024 Andrew Bauer <zonexpertconsulting@xxxxxxxxxxx> - 29.0.6-2
- prevent accidental building on distros with old php's
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2310687 - nextcloud-30.0.1rc2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2310687
--------------------------------------------------------------------------------

================================================================================
 python-irodsclient-2.2.0-1.el9 (FEDORA-EPEL-2024-a196c5d880)
 A python API for iRODS
--------------------------------------------------------------------------------
Update Information:

v2.2.0 - 2024-10-14
Changed
Bump server compatibility to iRODS 4.3.3.
Limit maximum value for connection timeouts (#623).
Disable client redirection to resource, by default (#626, #627).
Fixed
Adjust use of imported symbols from module for testing.
Modify the correct object in session.clone() for ticket_applied attribute.
Correct ticket expire example in README.
Added
Attach server response to exception as server_msg attribute.
Add CAT_TICKET_USES_EXCEEDED to irods.exception module.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 2.2.0-1
- Update to 2.2.0 (close RHBZ#2318580)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2318580 - python-irodsclient-2.2.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2318580
--------------------------------------------------------------------------------

================================================================================
 python-rpmautospec-0.7.3-1.el9 (FEDORA-EPEL-2024-1e6fe14cb8)
 Package and CLI tool to generate release fields and changelogs
--------------------------------------------------------------------------------
Update Information:

This update has the following improvements:
Reset global RPM state after every use.
Better error handling when using the CLI: issues concerning the handled files or usage simply print an error message and suppress exception tracebacks.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 11 2024 Nils Philippsen <nils@xxxxxxxxxx> - 0.7.3-1
- Update to 0.7.3
* Fri Sep 20 2024 Yaakov Selkowitz <yselkowi@xxxxxxxxxx> - 0.7.2-2
- Fix build without poetry
--------------------------------------------------------------------------------

================================================================================
 retsnoop-0.10.1-1.el9 (FEDORA-EPEL-2024-9b02f2a86c)
 A tool for investigating kernel error call stacks
--------------------------------------------------------------------------------
Update Information:

Update to 0.10.1; Fixes: RHBZ#2317860
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 14 2024 Davide Cavalca <dcavalca@xxxxxxxxxxxxxxxxx> - 0.10.1-1
- Update to 0.10.1; Fixes: RHBZ#2317860
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2317860 - retsnoop-0.10.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2317860
--------------------------------------------------------------------------------

================================================================================
 rust-procs-0.14.6-1.el9 (FEDORA-EPEL-2024-3b7021e403)
 Modern replacement for ps
--------------------------------------------------------------------------------
Update Information:

Update procs to version 0.14.6.
Update the termbg crate to version 0.5.2.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.14.6-1
- Update to version 0.14.6; Fixes RHBZ#2268356
* Sat Jul 20 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.14.4-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 rust-pyo3-0.22.4-1.el9 (FEDORA-EPEL-2024-2bb96c1f9a)
 Bindings to Python interpreter
--------------------------------------------------------------------------------
Update Information:

Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318282
--------------------------------------------------------------------------------

================================================================================
 rust-pyo3-build-config-0.22.4-1.el9 (FEDORA-EPEL-2024-2bb96c1f9a)
 Build configuration for the PyO3 ecosystem
--------------------------------------------------------------------------------
Update Information:

Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318281
--------------------------------------------------------------------------------

================================================================================
 rust-pyo3-ffi-0.22.4-1.el9 (FEDORA-EPEL-2024-2bb96c1f9a)
 Python-API bindings for the PyO3 ecosystem
--------------------------------------------------------------------------------
Update Information:

Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318285
--------------------------------------------------------------------------------

================================================================================
 rust-pyo3-macros-0.22.4-1.el9 (FEDORA-EPEL-2024-2bb96c1f9a)
 Proc macros for PyO3 package
--------------------------------------------------------------------------------
Update Information:

Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318283
--------------------------------------------------------------------------------

================================================================================
 rust-pyo3-macros-backend-0.22.4-1.el9 (FEDORA-EPEL-2024-2bb96c1f9a)
 Code generation for PyO3 package
--------------------------------------------------------------------------------
Update Information:

Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318284
--------------------------------------------------------------------------------

================================================================================
 rust-termbg-0.5.2-1.el9 (FEDORA-EPEL-2024-3b7021e403)
 Terminal background color detection
--------------------------------------------------------------------------------
Update Information:

Update procs to version 0.14.6.
Update the termbg crate to version 0.5.2.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.5.2-1
- Update to version 0.5.2; Fixes RHBZ#2268196
* Sat Jul 20 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.4.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 testcloud-0.11.3-1.el9 (FEDORA-EPEL-2024-2ae182428b)
 Tool for running cloud images locally
--------------------------------------------------------------------------------
Update Information:

Replace db in-place on DATA_DIR change
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 František Zatloukal <fzatlouk@xxxxxxxxxx> - 0.11.3-1
- Release 0.11.3
--------------------------------------------------------------------------------

================================================================================
 yarnpkg-1.22.22-5.el9 (FEDORA-EPEL-2024-78df19aaf3)
 Fast, reliable, and secure dependency management.
--------------------------------------------------------------------------------
Update Information:

Sync with fedora package.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Sandro Mani <manisandro@xxxxxxxxx> - 1.22.22-5
- Update bundled ws (CVE-2024-37890)
* Thu Oct 10 2024 Sandro Mani <manisandro@xxxxxxxxx> - 1.22.22-4
- Update bundled elliptic (CVE-2024-48949)
* Sat Jul 20 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.22.22-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Jul 4 2024 Sandro Mani <manisandro@xxxxxxxxx> - 1.22.22-2
- Backport patch for CVE-2024-4067
* Sat Mar 9 2024 Sandro Mani <manisandro@xxxxxxxxx> - 1.22.22-1
- Update to 1.22.22
* Mon Feb 19 2024 Sandro Mani <manisandro@xxxxxxxxx> - 1.22.21-2
- Backport patches for CVE-2022-37599, CVE-2023-26136, CVE-2023-46234
* Fri Feb 16 2024 Sandro Mani <manisandro@xxxxxxxxx> - 1.22.21-1
- Update to 1.22.21
* Sat Jan 27 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.22.19-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jul 22 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.22.19-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed May 3 2023 Sandro Mani <manisandro@xxxxxxxxx> - 1.22.19-6
- Rebuild (nodejs20)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2220677 - CVE-2023-26136 yarnpkg: tough-cookie: prototype pollution in cookie memstore [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2220677
  [ 2 ] Bug #2222512 - CVE-2022-25883 yarnpkg: nodejs-semver: Regular expression denial of service [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2222512
  [ 3 ] Bug #2246630 - CVE-2023-46234 yarnpkg: browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2246630
  [ 4 ] Bug #2280614 - CVE-2024-4068 yarnpkg: braces: fails to limit the number of characters it can handle [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2280614
  [ 5 ] Bug #2280768 - CVE-2024-4067 yarnpkg: micromatch: vulnerable to Regular Expression Denial of Service [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2280768
  [ 6 ] Bug #2290910 - CVE-2024-29041 yarnpkg: express: cause malformed URLs to be evaluated [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2290910
  [ 7 ] Bug #2303222 - CVE-2024-42461 yarnpkg: From NVD collector [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2303222
  [ 8 ] Bug #2303441 - CVE-2024-37890 yarnpkg: denial of service when handling a request with many HTTP headers [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2303441
  [ 9 ] Bug #2303538 - CVE-2024-42460 yarnpkg: ECDSA signature malleability due to missing checks [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2303538
  [ 10 ] Bug #2303782 - CVE-2024-42459 yarnpkg: From NVD collector [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2303782
  [ 11 ] Bug #2317788 - CVE-2024-48949 yarnpkg: Missing Validation in Elliptic's EDDSA Signature Verification [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2317788
--------------------------------------------------------------------------------