The following Fedora EPEL 9 Security updates need testing: Age URL 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-c5986b2cf1 iaito-5.9.6-1.el9 radare2-5.9.6-1.el9 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-18565c82f2 lemonldap-ng-2.20.1-1.el9 The following builds have been pushed to Fedora EPEL 9 updates-testing chafa-1.14.5-1.el9 chromium-130.0.6723.116-1.el9 csdiff-3.5.2-1.el9 csmock-3.8.0-1.el9 dav1d-1.5.0-2.el9 davfs2-1.7.0-7.el9 ffmpeg-5.1.4-3.el9 gdu-5.29.0-1.el9 libavif-0.11.1-5.el9 libavif0.10-0.10.1-2.el9 libheif-1.16.1-2.el9 nextcloud-29.0.9-1.el9 nordugrid-arc6-6.21.0-1.el9 onedrive-2.5.2-1.el9 openjph-0.18.0-1.el9 packit-0.103.0-1.el9 python-pytest-freezer-0.4.8-1.el9 rust-ariadne-0.4.1-1.el9 rust-onefetch-2.22.0-4.el9 rust-onefetch-image-2.22.0-2.el9 tito-0.6.27-1.el9 vlc-3.0.21-9.el9 xine-lib-1.2.13-4.el9 Details about builds: ================================================================================ chafa-1.14.5-1.el9 (FEDORA-EPEL-2024-995b432284) Image-to-text converter for terminal -------------------------------------------------------------------------------- Update Information: update to 1.14.5 -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 6 2024 Jonathan Wright <jonathan@xxxxxxxxxxxxx> - 1.14.5-1 - update to 1.14.5 * Fri Jul 26 2024 Jonathan Wright <jonathan@xxxxxxxxxxxxx> - 1.14.2-1 - update to 1.14.2 rhbz#2292927 -------------------------------------------------------------------------------- ================================================================================ chromium-130.0.6723.116-1.el9 (FEDORA-EPEL-2024-398707b664) A WebKit (Blink) powered web browser that Google doesn't want you to use -------------------------------------------------------------------------------- Update Information: Update dav1d to version 1.5.0 to address previously unaddressed security issues that are not feasibly addressable by backporting upstream changes. This contains an ABI change (in dav1d 1.3.0), for which all dependent packages were rebuilt. EPEL Updates Policy Exception: https://pagure.io/epel/issue/299 Update chromium to version 130.0.6723.116. -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 10 2024 Than Ngo <than@xxxxxxxxxx> - 130.0.6723.116-1 - Update to 130.0.6723.116 * High CVE-2024-10826: Use after free in Family Experience * High CVE-2024-10827: Use after free in Serial -------------------------------------------------------------------------------- References: [ 1 ] Bug #2264940 - CVE-2024-1580 dav1d: videolan/dav1d: integer overflow when decoding videos with large frame size [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2264940 -------------------------------------------------------------------------------- ================================================================================ csdiff-3.5.2-1.el9 (FEDORA-EPEL-2024-67f0106839) Non-interactive tools for processing code scan results in plain-text -------------------------------------------------------------------------------- Update Information: update to latest upstream release -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 11 2024 Kamil Dudka <kdudka@xxxxxxxxxx> - 3.5.2-1 - update to latest upstream release -------------------------------------------------------------------------------- ================================================================================ csmock-3.8.0-1.el9 (FEDORA-EPEL-2024-67f0106839) A mock wrapper for Static Analysis tools -------------------------------------------------------------------------------- Update Information: update to latest upstream release -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 11 2024 Kamil Dudka <kdudka@xxxxxxxxxx> - 3.8.0-1 - update to latest upstream -------------------------------------------------------------------------------- ================================================================================ dav1d-1.5.0-2.el9 (FEDORA-EPEL-2024-398707b664) AV1 cross-platform Decoder -------------------------------------------------------------------------------- Update Information: Update dav1d to version 1.5.0 to address previously unaddressed security issues that are not feasibly addressable by backporting upstream changes. This contains an ABI change (in dav1d 1.3.0), for which all dependent packages were rebuilt. EPEL Updates Policy Exception: https://pagure.io/epel/issue/299 Update chromium to version 130.0.6723.116. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 21 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 1.5.0-2 - Revert unwanted changes to .gitignore * Sat Oct 19 2024 Peter Robinson <pbrobinson@xxxxxxxxx> - 1.5.0-1 - Update to 1.5.0 * Wed Jul 17 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.4.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Fri Jun 14 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 1.4.3-1 - Update to version 1.4.3; Fixes RHBZ#2269666 * Thu Feb 29 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 1.4.0-1 - Update to version 1.4.0; Fixes RHBZ#2264274 * Wed Jan 24 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.3.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Fri Jan 19 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.3.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Thu Dec 28 2023 Fabio Valentini <decathorpe@xxxxxxxxx> - 1.3.0-1 - Update to version 1.3.0; Fixes RHBZ#2242012 * Wed Oct 11 2023 Miroslav Suchý <msuchy@xxxxxxxxxx> - 1.2.1-3 - Migrate to SPDX license * Wed Jul 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.2.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2264940 - CVE-2024-1580 dav1d: videolan/dav1d: integer overflow when decoding videos with large frame size [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2264940 -------------------------------------------------------------------------------- ================================================================================ davfs2-1.7.0-7.el9 (FEDORA-EPEL-2024-70b62eb130) A filesystem driver for WebDAV -------------------------------------------------------------------------------- Update Information: build for epel9/10 -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 25 2024 Miroslav Suchý <msuchy@xxxxxxxxxx> - 1.7.0-7 - convert license to SPDX * Wed Jul 17 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.7.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Wed Jan 24 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.7.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Fri Jan 19 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.7.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Wed Jul 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.7.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Thu Jan 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.7.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Sat Nov 5 2022 Felix Schwarz <fschwarz@xxxxxxxxxxxxxxxxx> - 1.7.0-1 - update to 1.7.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2157884 - Please branch and build davfs2 in epel9. https://bugzilla.redhat.com/show_bug.cgi?id=2157884 -------------------------------------------------------------------------------- ================================================================================ ffmpeg-5.1.4-3.el9 (FEDORA-EPEL-2024-398707b664) A complete solution to record, convert and stream audio and video -------------------------------------------------------------------------------- Update Information: Update dav1d to version 1.5.0 to address previously unaddressed security issues that are not feasibly addressable by backporting upstream changes. This contains an ABI change (in dav1d 1.3.0), for which all dependent packages were rebuilt. EPEL Updates Policy Exception: https://pagure.io/epel/issue/299 Update chromium to version 130.0.6723.116. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 6 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 5.1.4-3 - Rebuild for dav1d 1.5.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2264940 - CVE-2024-1580 dav1d: videolan/dav1d: integer overflow when decoding videos with large frame size [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2264940 -------------------------------------------------------------------------------- ================================================================================ gdu-5.29.0-1.el9 (FEDORA-EPEL-2024-cffbac7791) Fast disk usage analyzer with console interface written in Go -------------------------------------------------------------------------------- Update Information: This is new package. gdu is disk usage analyzer, specify directory to scan or omit it to use current directory. Once everything is scanned you can press ? button to show help popup. -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 10 2024 Alexey Lunev <cheembox573@xxxxxxxxx> - 5.29.0-1 - Initial import (Closes rhbz#2314746) -------------------------------------------------------------------------------- ================================================================================ libavif-0.11.1-5.el9 (FEDORA-EPEL-2024-398707b664) Library for encoding and decoding .avif files -------------------------------------------------------------------------------- Update Information: Update dav1d to version 1.5.0 to address previously unaddressed security issues that are not feasibly addressable by backporting upstream changes. This contains an ABI change (in dav1d 1.3.0), for which all dependent packages were rebuilt. EPEL Updates Policy Exception: https://pagure.io/epel/issue/299 Update chromium to version 130.0.6723.116. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 6 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.11.1-5 - Rebuild for dav1d 1.5.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2264940 - CVE-2024-1580 dav1d: videolan/dav1d: integer overflow when decoding videos with large frame size [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2264940 -------------------------------------------------------------------------------- ================================================================================ libavif0.10-0.10.1-2.el9 (FEDORA-EPEL-2024-398707b664) Library for encoding and decoding .avif files -------------------------------------------------------------------------------- Update Information: Update dav1d to version 1.5.0 to address previously unaddressed security issues that are not feasibly addressable by backporting upstream changes. This contains an ABI change (in dav1d 1.3.0), for which all dependent packages were rebuilt. EPEL Updates Policy Exception: https://pagure.io/epel/issue/299 Update chromium to version 130.0.6723.116. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 6 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.10.1-2 - Rebuild for dav1d 1.5.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2264940 - CVE-2024-1580 dav1d: videolan/dav1d: integer overflow when decoding videos with large frame size [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2264940 -------------------------------------------------------------------------------- ================================================================================ libheif-1.16.1-2.el9 (FEDORA-EPEL-2024-398707b664) HEIF and AVIF file format decoder and encoder -------------------------------------------------------------------------------- Update Information: Update dav1d to version 1.5.0 to address previously unaddressed security issues that are not feasibly addressable by backporting upstream changes. This contains an ABI change (in dav1d 1.3.0), for which all dependent packages were rebuilt. EPEL Updates Policy Exception: https://pagure.io/epel/issue/299 Update chromium to version 130.0.6723.116. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 6 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 1.16.1-2 - Rebuild for dav1d 1.5.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2264940 - CVE-2024-1580 dav1d: videolan/dav1d: integer overflow when decoding videos with large frame size [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2264940 -------------------------------------------------------------------------------- ================================================================================ nextcloud-29.0.9-1.el9 (FEDORA-EPEL-2024-b9c08df6f6) Private file sync and share server -------------------------------------------------------------------------------- Update Information: 29.0.9 release -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 11 2024 Andrew Bauer <zonexpertconsulting@xxxxxxxxxxx> - 29.0.9-1 - 29.0.9 release * Fri Oct 18 2024 Andrew Bauer <zonexpertconsulting@xxxxxxxxxxx> - 29.0.8-2 - require php-pecl-redis6 or php-pecl-redis5 -------------------------------------------------------------------------------- ================================================================================ nordugrid-arc6-6.21.0-1.el9 (FEDORA-EPEL-2024-66d1ec88ff) Advanced Resource Connector Middleware -------------------------------------------------------------------------------- Update Information: AEC 6.21 -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 10 2024 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 6.21.0-1 - Update to version 6.21.0 -------------------------------------------------------------------------------- ================================================================================ onedrive-2.5.2-1.el9 (FEDORA-EPEL-2024-cc91306075) OneDrive Free Client written in D -------------------------------------------------------------------------------- Update Information: Update onedrive to 2.5.2 -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 14 2024 Zamir SUN <sztsian@xxxxxxxxx> - 2.5.2-1 - Update to 2.5.2 - Fixes RHBZ#2315073 RHBZ#2258756 -------------------------------------------------------------------------------- ================================================================================ openjph-0.18.0-1.el9 (FEDORA-EPEL-2024-319cf81904) Open-source implementation of JPEG2000 Part-15 (or JPH or HTJ2K) -------------------------------------------------------------------------------- Update Information: Update to 0.18.0. -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 11 2024 Simone Caronni <negativo17@xxxxxxxxx> - 0.18.0-1 - Update to 0.18.0. -------------------------------------------------------------------------------- References: [ 1 ] Bug #2314015 - Invalid instruction, sddm, gwenview and others crash https://bugzilla.redhat.com/show_bug.cgi?id=2314015 [ 2 ] Bug #2322683 - openjph-0.18.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2322683 -------------------------------------------------------------------------------- ================================================================================ packit-0.103.0-1.el9 (FEDORA-EPEL-2024-f64a35535d) A tool for integrating upstream projects with Fedora operating system -------------------------------------------------------------------------------- Update Information: Automatic update for packit-0.103.0-1.el9. Changelog for packit * Sun Nov 10 2024 Packit <hello@xxxxxxxxxx> - 0.103.0-1 - Packit now supports and defaults to `fast_forward_merge_into` syntax via `--dist-git-branches-mapping` in `dist-git init`. (#2456) -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 10 2024 Packit <hello@xxxxxxxxxx> - 0.103.0-1 - Packit now supports and defaults to `fast_forward_merge_into` syntax via `--dist-git-branches-mapping` in `dist-git init`. (#2456) -------------------------------------------------------------------------------- ================================================================================ python-pytest-freezer-0.4.8-1.el9 (FEDORA-EPEL-2024-7dea30a258) Pytest plugin providing a fixture interface for freezegun -------------------------------------------------------------------------------- Update Information: Initial package -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 11 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 0.4.8-1 - Initial package (close RHBZ#2325070) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2325070 - Review Request: python-pytest-freezer - Pytest plugin providing a fixture interface for freezegun https://bugzilla.redhat.com/show_bug.cgi?id=2325070 -------------------------------------------------------------------------------- ================================================================================ rust-ariadne-0.4.1-1.el9 (FEDORA-EPEL-2024-adf4a78da0) Fancy diagnostics & reporting crate -------------------------------------------------------------------------------- Update Information: import rhbz#2314660 -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 8 2024 Cristian Le <cristian.le@xxxxxxxxxxx> - 0.4.1-1 - import rhbz#2314660 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2314660 - Review Request: rust-ariadne - Fancy diagnostics & reporting crate https://bugzilla.redhat.com/show_bug.cgi?id=2314660 -------------------------------------------------------------------------------- ================================================================================ rust-onefetch-2.22.0-4.el9 (FEDORA-EPEL-2024-0a2e792c04) Command-line Git information tool -------------------------------------------------------------------------------- Update Information: Update the rust-image-0.25 patch to match what was merged upstream: fewer image formats are now supported, but the compiled executable is smaller. -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 10 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 2.22.0-4 - Update the rust-image-0.25 patch to match what was merged upstream - Fewer image formats are now supported. -------------------------------------------------------------------------------- ================================================================================ rust-onefetch-image-2.22.0-2.el9 (FEDORA-EPEL-2024-0a2e792c04) Display images in the terminal -------------------------------------------------------------------------------- Update Information: Update the rust-image-0.25 patch to match what was merged upstream: fewer image formats are now supported, but the compiled executable is smaller. -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 10 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 2.22.0-2 - Update the rust-image-0.25 patch to match what was merged upstream - Fewer image formats are now supported. -------------------------------------------------------------------------------- ================================================================================ tito-0.6.27-1.el9 (FEDORA-EPEL-2024-d54ce7b426) A tool for managing rpm based git projects -------------------------------------------------------------------------------- Update Information: 507 - Defer submodule detection to git to prevent fails caused by empty .gitmodules file Many improvements to tests and they now run during package build 460 - Sometimes Tito-built packages have lower NVR than packages from the official repositories. This can now be prevented by new config option buildconfig.test_version_suffix. It can be used like this: -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 11 2024 Jakub KadlÄ?Ãk <frostyx@xxxxxxxx> - Defer submodule detection to git - Many improvements to tests and they now run during package build - New config option `buildconfig.test_version_suffix` -------------------------------------------------------------------------------- ================================================================================ vlc-3.0.21-9.el9 (FEDORA-EPEL-2024-398707b664) The cross-platform open-source multimedia framework, player and server -------------------------------------------------------------------------------- Update Information: Update dav1d to version 1.5.0 to address previously unaddressed security issues that are not feasibly addressable by backporting upstream changes. This contains an ABI change (in dav1d 1.3.0), for which all dependent packages were rebuilt. EPEL Updates Policy Exception: https://pagure.io/epel/issue/299 Update chromium to version 130.0.6723.116. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 6 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 1:3.0.21-9 - Rebuild for dav1d 1.5.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2264940 - CVE-2024-1580 dav1d: videolan/dav1d: integer overflow when decoding videos with large frame size [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2264940 -------------------------------------------------------------------------------- ================================================================================ xine-lib-1.2.13-4.el9 (FEDORA-EPEL-2024-398707b664) A multimedia engine -------------------------------------------------------------------------------- Update Information: Update dav1d to version 1.5.0 to address previously unaddressed security issues that are not feasibly addressable by backporting upstream changes. This contains an ABI change (in dav1d 1.3.0), for which all dependent packages were rebuilt. EPEL Updates Policy Exception: https://pagure.io/epel/issue/299 Update chromium to version 130.0.6723.116. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 6 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 1.2.13-4 - Rebuild for dav1d 1.5.0 * Sat Mar 18 2023 Xavier Bachelot <xavier@xxxxxxxxxxxx> - 1.2.13-3 - Enable external libdvdnav for EL9 - Restore specfile compatibility with RPM Fusion for EL7/8 - Restore building from snapshot * Fri Mar 17 2023 Yaakov Selkowitz <yselkowi@xxxxxxxxxx> - 1.2.13-2 - Rebuilt for libmpcdec 1.3.0 * Sun Mar 12 2023 Neal Gompa <ngompa@xxxxxxxxxxxxxxxxx> - 1.2.13-1 - Update to 1.2.13 - Enable DTS/DCA and VCD support plugins * Wed Feb 15 2023 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.2.12-11 - rebuild for libvpx -------------------------------------------------------------------------------- References: [ 1 ] Bug #2264940 - CVE-2024-1580 dav1d: videolan/dav1d: integer overflow when decoding videos with large frame size [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2264940 --------------------------------------------------------------------------------
-- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue