The following Fedora EPEL 8 Security updates need testing:

 Age  URL
  68  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-31d4c55df0   arm-none-eabi-binutils-cs-2.43-1.el8 arm-none-eabi-gcc-cs-12.4.0-1.el8 arm-none-eabi-newlib-4.4.0.20231231-1.el8
  19  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-35583dfe8b   iaito-5.9.6-2.el8 radare2-5.9.6-2.el8
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-60dd7e7ad3   trafficserver-9.2.6-2.el8

The following builds have been pushed to Fedora EPEL 8 updates-testing

    cobbler3.2-3.2.3-2.el8
    copr-rpmbuild-1.1-1.el8
    kobo-0.38.0-1.el8
    onedrive-2.5.3-1.el8
    python-aiohttp-3.7.4-7.el8

Details about builds:

================================================================================
 cobbler3.2-3.2.3-2.el8 (FEDORA-EPEL-2024-375a09fd04)
 Boot server configurator
--------------------------------------------------------------------------------
Update Information:

Update to 3.2.3 - CVE-2024-47533
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 19 2024 Orion Poplawski <orion@xxxxxxxx> - 3.2.3-2
- Add patch to fix internal version to 3.2.3
* Sun Nov 17 2024 Orion Poplawski <orion@xxxxxxxx> - 3.2.3-1
- Update to 3.2.3 (CVE-2024-47533)
* Fri May 31 2024 Robby Callicotte <rcallicotte@xxxxxxxxxxxxxxxxx> - 3.2.2-16
- Added python3-django dependency version limit for cobbler-web
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2327075 - CVE-2024-47533 cobbler3.2: Cobbler allows anyone to connect to cobbler XML-RPC server with a known password and make changes [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2327075
--------------------------------------------------------------------------------

================================================================================
 copr-rpmbuild-1.1-1.el8 (FEDORA-EPEL-2024-5db9b1c6cc)
 Run COPR build tasks
--------------------------------------------------------------------------------
Update Information:

Make_srpmbuild, set recursive safe.directory
Activate Red Hat subscription on demand
Drop six usage (this is a Python 3 only package)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 22 2024 Jakub Kadlcik <frostyx@xxxxxxxx> 1.1-1
- Make_srpmbuild, set recursive safe.directory
- Activate Red Hat subscription on demand
- Drop six usage (this is a Python 3 only package)
- Add tooling for "safer" RH subscription
--------------------------------------------------------------------------------

================================================================================
 kobo-0.38.0-1.el8 (FEDORA-EPEL-2024-183aff4bca)
 Python modules for tools development
--------------------------------------------------------------------------------
Update Information:

rebase to latest upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 19 2024 Kamil Dudka <kdudka@xxxxxxxxxx> - 0.38.0-1
- rebase to latest upstream release (rhbz#2327211)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2327211 - kobo-0.38.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2327211
--------------------------------------------------------------------------------

================================================================================
 onedrive-2.5.3-1.el8 (FEDORA-EPEL-2024-f4ab45ff1d)
 OneDrive Free Client written in D
--------------------------------------------------------------------------------
Update Information:

Update to 2.5.3 (#2326647)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 15 2024 Fedora Release Monitoring <release-monitoring@xxxxxxxxxxxxxxxxx> - 2.5.3-1
- Update to 2.5.3 (#2326647)
--------------------------------------------------------------------------------

================================================================================
 python-aiohttp-3.7.4-7.el8 (FEDORA-EPEL-2024-bc19d8cc99)
 Python HTTP client/server for asyncio
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-52304
Update License field to SPDX.
Build and install the C extensions. Based on the history of security fixes in later releases, this may close some vulnerabilities and possibly open others, as both the C and Python HTTP parsing implementations have had their own distinct issues.
While this backports the fix for CVE-2024-52304, and the fix for CVE-2024-23334 was backported in a previous update, it is very likely that other unmitigated issues exist in this old release. Unfortunately, updating to a later version in EPEL8 is impractical at best.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 19 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 3.7.4-7
- Security fix for CVE-2024-52304 (fixes RHBZ#2327151)
* Tue Nov 19 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 3.7.4-6
- Update License to SPDX
* Tue Nov 19 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 3.7.4-5
- Attempt and fail to Run the tests
* Tue Nov 19 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 3.7.4-4
- Actually build the compiled extensions
- Stop disabling debug packages
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2327151 - CVE-2024-52304 python-aiohttp: aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2327151
--------------------------------------------------------------------------------

--
_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue