[EPEL-devel] Fedora EPEL 9 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora EPEL 9 Security updates need testing:
 Age  URL
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-e7551e4450   oath-toolkit-2.6.12-1.el9


The following builds have been pushed to Fedora EPEL 9 updates-testing

    nextcloud-29.0.8-1.el9
    python-irodsclient-2.2.0-1.el9
    python-rpmautospec-0.7.3-1.el9
    retsnoop-0.10.1-1.el9
    rust-procs-0.14.6-1.el9
    rust-pyo3-0.22.4-1.el9
    rust-pyo3-build-config-0.22.4-1.el9
    rust-pyo3-ffi-0.22.4-1.el9
    rust-pyo3-macros-0.22.4-1.el9
    rust-pyo3-macros-backend-0.22.4-1.el9
    rust-termbg-0.5.2-1.el9
    testcloud-0.11.3-1.el9
    yarnpkg-1.22.22-5.el9

Details about builds:


================================================================================
 nextcloud-29.0.8-1.el9 (FEDORA-EPEL-2024-67944dae45)
 Private file sync and share server
--------------------------------------------------------------------------------
Update Information:

nextcloud 29.0.8 release RHBZ#2310687
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Andrew Bauer <zonexpertconsulting@xxxxxxxxxxx> - 29.0.8-1
- nextcloud 29.0.8 release RHBZ#2310687
* Thu Sep  5 2024 Andrew Bauer <zonexpertconsulting@xxxxxxxxxxx> - 29.0.6-2
- prevent accidental building on distros with old php's
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2310687 - nextcloud-30.0.1rc2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2310687
--------------------------------------------------------------------------------


================================================================================
 python-irodsclient-2.2.0-1.el9 (FEDORA-EPEL-2024-a196c5d880)
 A python API for iRODS
--------------------------------------------------------------------------------
Update Information:

v2.2.0 - 2024-10-14
Changed
Bump server compatibility to iRODS 4.3.3.
Limit maximum value for connection timeouts (#623).
Disable client redirection to resource, by default (#626, #627).
Fixed
Adjust use of imported symbols from module for testing.
Modify the correct object in session.clone() for ticket_applied attribute.
Correct ticket expire example in README.
Added
Attach server response to exception as server_msg attribute.
Add CAT_TICKET_USES_EXCEEDED to irods.exception module.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 2.2.0-1
- Update to 2.2.0 (close RHBZ#2318580)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2318580 - python-irodsclient-2.2.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2318580
--------------------------------------------------------------------------------


================================================================================
 python-rpmautospec-0.7.3-1.el9 (FEDORA-EPEL-2024-1e6fe14cb8)
 Package and CLI tool to generate release fields and changelogs
--------------------------------------------------------------------------------
Update Information:

This update has the following improvements:
Reset global RPM state after every use.
Better error handling when using the CLI: issues concerning the handled files or
usage simply print an error message and suppress exception tracebacks.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 11 2024 Nils Philippsen <nils@xxxxxxxxxx> - 0.7.3-1
- Update to 0.7.3
* Fri Sep 20 2024 Yaakov Selkowitz <yselkowi@xxxxxxxxxx> - 0.7.2-2
- Fix build without poetry
--------------------------------------------------------------------------------


================================================================================
 retsnoop-0.10.1-1.el9 (FEDORA-EPEL-2024-9b02f2a86c)
 A tool for investigating kernel error call stacks
--------------------------------------------------------------------------------
Update Information:

Update to 0.10.1; Fixes: RHBZ#2317860
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 14 2024 Davide Cavalca <dcavalca@xxxxxxxxxxxxxxxxx> - 0.10.1-1
- Update to 0.10.1; Fixes: RHBZ#2317860
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2317860 - retsnoop-0.10.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2317860
--------------------------------------------------------------------------------


================================================================================
 rust-procs-0.14.6-1.el9 (FEDORA-EPEL-2024-3b7021e403)
 Modern replacement for ps
--------------------------------------------------------------------------------
Update Information:

Update procs to version 0.14.6.
Update the termbg crate to version 0.5.2.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.14.6-1
- Update to version 0.14.6; Fixes RHBZ#2268356
* Sat Jul 20 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.14.4-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 rust-pyo3-0.22.4-1.el9 (FEDORA-EPEL-2024-2bb96c1f9a)
 Bindings to Python interpreter
--------------------------------------------------------------------------------
Update Information:

Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318282
--------------------------------------------------------------------------------


================================================================================
 rust-pyo3-build-config-0.22.4-1.el9 (FEDORA-EPEL-2024-2bb96c1f9a)
 Build configuration for the PyO3 ecosystem
--------------------------------------------------------------------------------
Update Information:

Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318281
--------------------------------------------------------------------------------


================================================================================
 rust-pyo3-ffi-0.22.4-1.el9 (FEDORA-EPEL-2024-2bb96c1f9a)
 Python-API bindings for the PyO3 ecosystem
--------------------------------------------------------------------------------
Update Information:

Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318285
--------------------------------------------------------------------------------


================================================================================
 rust-pyo3-macros-0.22.4-1.el9 (FEDORA-EPEL-2024-2bb96c1f9a)
 Proc macros for PyO3 package
--------------------------------------------------------------------------------
Update Information:

Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318283
--------------------------------------------------------------------------------


================================================================================
 rust-pyo3-macros-backend-0.22.4-1.el9 (FEDORA-EPEL-2024-2bb96c1f9a)
 Code generation for PyO3 package
--------------------------------------------------------------------------------
Update Information:

Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318284
--------------------------------------------------------------------------------


================================================================================
 rust-termbg-0.5.2-1.el9 (FEDORA-EPEL-2024-3b7021e403)
 Terminal background color detection
--------------------------------------------------------------------------------
Update Information:

Update procs to version 0.14.6.
Update the termbg crate to version 0.5.2.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.5.2-1
- Update to version 0.5.2; Fixes RHBZ#2268196
* Sat Jul 20 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.4.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 testcloud-0.11.3-1.el9 (FEDORA-EPEL-2024-2ae182428b)
 Tool for running cloud images locally
--------------------------------------------------------------------------------
Update Information:

Replace db in-place on DATA_DIR change
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 František Zatloukal <fzatlouk@xxxxxxxxxx> - 0.11.3-1
- Release 0.11.3
--------------------------------------------------------------------------------


================================================================================
 yarnpkg-1.22.22-5.el9 (FEDORA-EPEL-2024-78df19aaf3)
 Fast, reliable, and secure dependency management.
--------------------------------------------------------------------------------
Update Information:

Sync with fedora package.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2024 Sandro Mani <manisandro@xxxxxxxxx> - 1.22.22-5
- Update bundled ws (CVE-2024-37890)
* Thu Oct 10 2024 Sandro Mani <manisandro@xxxxxxxxx> - 1.22.22-4
- Update bundled elliptic (CVE-2024-48949)
* Sat Jul 20 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.22.22-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Jul  4 2024 Sandro Mani <manisandro@xxxxxxxxx> - 1.22.22-2
- Backport patch for CVE-2024-4067
* Sat Mar  9 2024 Sandro Mani <manisandro@xxxxxxxxx> - 1.22.22-1
- Update to 1.22.22
* Mon Feb 19 2024 Sandro Mani <manisandro@xxxxxxxxx> - 1.22.21-2
- Backport patches for CVE-2022-37599, CVE-2023-26136, CVE-2023-46234
* Fri Feb 16 2024 Sandro Mani <manisandro@xxxxxxxxx> - 1.22.21-1
- Update to 1.22.21
* Sat Jan 27 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.22.19-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jul 22 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.22.19-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed May  3 2023 Sandro Mani <manisandro@xxxxxxxxx> - 1.22.19-6
- Rebuild (nodejs20)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2220677 - CVE-2023-26136 yarnpkg: tough-cookie: prototype pollution in cookie memstore [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2220677
  [ 2 ] Bug #2222512 - CVE-2022-25883 yarnpkg: nodejs-semver: Regular expression denial of service [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2222512
  [ 3 ] Bug #2246630 - CVE-2023-46234 yarnpkg: browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2246630
  [ 4 ] Bug #2280614 - CVE-2024-4068 yarnpkg: braces: fails to limit the number of characters it can handle [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2280614
  [ 5 ] Bug #2280768 - CVE-2024-4067 yarnpkg: micromatch: vulnerable to Regular Expression Denial of Service [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2280768
  [ 6 ] Bug #2290910 - CVE-2024-29041 yarnpkg: express: cause malformed URLs to be evaluated [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2290910
  [ 7 ] Bug #2303222 - CVE-2024-42461 yarnpkg: From NVD collector [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2303222
  [ 8 ] Bug #2303441 - CVE-2024-37890 yarnpkg: denial of service when handling a request with many HTTP headers [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2303441
  [ 9 ] Bug #2303538 - CVE-2024-42460 yarnpkg: ECDSA signature malleability due to missing checks [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2303538
  [ 10 ] Bug #2303782 - CVE-2024-42459 yarnpkg: From NVD collector [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2303782
  [ 11 ] Bug #2317788 - CVE-2024-48949 yarnpkg: Missing Validation in Elliptic's EDDSA Signature Verification [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2317788
--------------------------------------------------------------------------------


-- 
_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

[Index of Archives]     [Fedora Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Announce]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Linux Apps]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux