The following Fedora EPEL 8 Security updates need testing:

 Age  URL
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-820fb1124a   seamonkey-2.53.10.1-1.el8

The following builds have been pushed to Fedora EPEL 8 updates-testing

    chromium-96.0.4664.110-2.el8
    intel-ipp-crypto-mb-1.0.4-2.el8
    keepassxc-2.6.6-3.el8
    libopenmpt-0.6.0-1.el8
    pyshp-2.1.3-2.el8
    pyzor-1.0.0-28.20200530gitf46159b.el8
    qwt-6.1.5-5.el8
    rclone-1.57.0-1.el8

Details about builds:

================================================================================
 chromium-96.0.4664.110-2.el8 (FEDORA-EPEL-2021-6dad252f66)
 A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:

Update to 96.0.4664.110. You know the drill, lots of security bugs fixed, update if you like security, hit that like and subscribe button.

CVE-2021-4052 CVE-2021-4053 CVE-2021-4054 CVE-2021-4055 CVE-2021-4056
CVE-2021-4057 CVE-2021-4058 CVE-2021-4059 CVE-2021-4061 CVE-2021-4062
CVE-2021-4063 CVE-2021-4064 CVE-2021-4065 CVE-2021-4066 CVE-2021-4067
CVE-2021-4068 CVE-2021-4079 CVE-2021-4078 CVE-2021-4098 CVE-2021-4099
CVE-2021-4100 CVE-2021-4101 CVE-2021-4102 CVE-2021-37997 CVE-2021-37998
CVE-2021-37999 CVE-2021-38000 CVE-2021-38001 CVE-2021-38002 CVE-2021-38003
CVE-2021-38004 CVE-2021-38008 CVE-2021-38009 CVE-2021-38006 CVE-2021-38007
CVE-2021-38005 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012 CVE-2021-38013
CVE-2021-38014 CVE-2021-38015 CVE-2021-38016 CVE-2021-38017 CVE-2021-38018
CVE-2021-38019 CVE-2021-38020 CVE-2021-38021 CVE-2021-38022
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 20 2021 Tom Callaway spot@fedoraproject.org - 96.0.4664.110-2
- enable WebRTCPipeWireCapturer by default
* Thu Dec 16 2021 Tom Callaway spot@fedoraproject.org - 96.0.4664.110-1
- update to 96.0.4664.110
* Fri Nov 19 2021 Tom Callaway spot@fedoraproject.org - 96.0.4664.45-1
- update to 96.0.4664.45
* Fri Nov 12 2021 Tom Callaway spot@fedoraproject.org - 95.0.4638.69-1
- update to 95.0.4638.69
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2018561 - CVE-2021-37997 chromium-browser: Use after free in Sign-In
        https://bugzilla.redhat.com/show_bug.cgi?id=2018561
  [ 2 ] Bug #2018562 - CVE-2021-37998 chromium-browser: Use after free in Garbage Collection
        https://bugzilla.redhat.com/show_bug.cgi?id=2018562
  [ 3 ] Bug #2018563 - CVE-2021-37999 chromium-browser: Insufficient data validation in New Tab Page
        https://bugzilla.redhat.com/show_bug.cgi?id=2018563
  [ 4 ] Bug #2018564 - CVE-2021-38000 chromium-browser: Insufficient validation of untrusted input in Intents
        https://bugzilla.redhat.com/show_bug.cgi?id=2018564
  [ 5 ] Bug #2018565 - CVE-2021-38001 chromium-browser: Type Confusion in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=2018565
  [ 6 ] Bug #2018566 - CVE-2021-38002 chromium-browser: Use after free in Web Transport
        https://bugzilla.redhat.com/show_bug.cgi?id=2018566
  [ 7 ] Bug #2018567 - CVE-2021-38003 chromium-browser: Inappropriate implementation in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=2018567
  [ 8 ] Bug #2024272 - CVE-2021-38008 chromium-browser: Use after free in media
        https://bugzilla.redhat.com/show_bug.cgi?id=2024272
  [ 9 ] Bug #2024273 - CVE-2021-38009 chromium-browser: Inappropriate implementation in cache
        https://bugzilla.redhat.com/show_bug.cgi?id=2024273
  [ 10 ] Bug #2024274 - CVE-2021-38006 chromium-browser: Use after free in storage foundation
        https://bugzilla.redhat.com/show_bug.cgi?id=2024274
  [ 11 ] Bug #2024275 - CVE-2021-38007 chromium-browser: Type Confusion in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=2024275
  [ 12 ] Bug #2024276 - CVE-2021-38005 chromium-browser: Use after free in loader
        https://bugzilla.redhat.com/show_bug.cgi?id=2024276
  [ 13 ] Bug #2024277 - CVE-2021-38010 chromium-browser: Inappropriate implementation in service workers
        https://bugzilla.redhat.com/show_bug.cgi?id=2024277
  [ 14 ] Bug #2024278 - CVE-2021-38011 chromium-browser: Use after free in storage foundation
        https://bugzilla.redhat.com/show_bug.cgi?id=2024278
  [ 15 ] Bug #2024279 - CVE-2021-38012 chromium-browser: Type Confusion in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=2024279
  [ 16 ] Bug #2024280 - CVE-2021-38013 chromium-browser: Heap buffer overflow in fingerprint recognition
        https://bugzilla.redhat.com/show_bug.cgi?id=2024280
  [ 17 ] Bug #2024281 - CVE-2021-38014 chromium-browser: Out of bounds write in Swiftshader
        https://bugzilla.redhat.com/show_bug.cgi?id=2024281
  [ 18 ] Bug #2024282 - CVE-2021-38015 chromium-browser: Inappropriate implementation in input
        https://bugzilla.redhat.com/show_bug.cgi?id=2024282
  [ 19 ] Bug #2024283 - CVE-2021-38016 chromium-browser: Insufficient policy enforcement in background fetch
        https://bugzilla.redhat.com/show_bug.cgi?id=2024283
  [ 20 ] Bug #2024284 - CVE-2021-38017 chromium-browser: Insufficient policy enforcement in iframe sandbox
        https://bugzilla.redhat.com/show_bug.cgi?id=2024284
  [ 21 ] Bug #2024285 - CVE-2021-38018 chromium-browser: Inappropriate implementation in navigation
        https://bugzilla.redhat.com/show_bug.cgi?id=2024285
  [ 22 ] Bug #2024286 - CVE-2021-38019 chromium-browser: Insufficient policy enforcement in CORS
        https://bugzilla.redhat.com/show_bug.cgi?id=2024286
  [ 23 ] Bug #2024287 - CVE-2021-38020 chromium-browser: Insufficient policy enforcement in contacts picker
        https://bugzilla.redhat.com/show_bug.cgi?id=2024287
  [ 24 ] Bug #2024288 - CVE-2021-38021 chromium-browser: Inappropriate implementation in referrer
        https://bugzilla.redhat.com/show_bug.cgi?id=2024288
  [ 25 ] Bug #2024289 - CVE-2021-38022 chromium-browser: Inappropriate implementation in WebAuthentication
        https://bugzilla.redhat.com/show_bug.cgi?id=2024289
  [ 26 ] Bug #2029881 - CVE-2021-4052 chromium-browser: Use after free in web apps
        https://bugzilla.redhat.com/show_bug.cgi?id=2029881
  [ 27 ] Bug #2029882 - CVE-2021-4053 chromium-browser: Use after free in UI
        https://bugzilla.redhat.com/show_bug.cgi?id=2029882
  [ 28 ] Bug #2029883 - CVE-2021-4054 chromium-browser: Incorrect security UI in autofill
        https://bugzilla.redhat.com/show_bug.cgi?id=2029883
  [ 29 ] Bug #2029884 - CVE-2021-4055 chromium-browser: Heap buffer overflow in extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=2029884
  [ 30 ] Bug #2029885 - CVE-2021-4056 chromium-browser: Type Confusion in loader
        https://bugzilla.redhat.com/show_bug.cgi?id=2029885
  [ 31 ] Bug #2029886 - CVE-2021-4057 chromium-browser: Use after free in file API
        https://bugzilla.redhat.com/show_bug.cgi?id=2029886
  [ 32 ] Bug #2029887 - CVE-2021-4058 chromium-browser: Heap buffer overflow in ANGLE
        https://bugzilla.redhat.com/show_bug.cgi?id=2029887
  [ 33 ] Bug #2029888 - CVE-2021-4059 chromium-browser: Insufficient data validation in loader
        https://bugzilla.redhat.com/show_bug.cgi?id=2029888
  [ 34 ] Bug #2029889 - CVE-2021-4061 chromium-browser: Type Confusion in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=2029889
  [ 35 ] Bug #2029890 - CVE-2021-4062 chromium-browser: Heap buffer overflow in BFCache
        https://bugzilla.redhat.com/show_bug.cgi?id=2029890
  [ 36 ] Bug #2029892 - CVE-2021-4063 chromium-browser: Use after free in developer tools
        https://bugzilla.redhat.com/show_bug.cgi?id=2029892
  [ 37 ] Bug #2029893 - CVE-2021-4064 chromium-browser: Use after free in screen capture
        https://bugzilla.redhat.com/show_bug.cgi?id=2029893
  [ 38 ] Bug #2029894 - CVE-2021-4065 chromium-browser: Use after free in autofill
        https://bugzilla.redhat.com/show_bug.cgi?id=2029894
  [ 39 ] Bug #2029895 - CVE-2021-4066 chromium-browser: Integer underflow in ANGLE
        https://bugzilla.redhat.com/show_bug.cgi?id=2029895
  [ 40 ] Bug #2029896 - CVE-2021-4067 chromium-browser: Use after free in window manager
        https://bugzilla.redhat.com/show_bug.cgi?id=2029896
  [ 41 ] Bug #2029897 - CVE-2021-4068 chromium-browser: Insufficient validation of untrusted input in new tab page
        https://bugzilla.redhat.com/show_bug.cgi?id=2029897
  [ 42 ] Bug #2032168 - CVE-2021-4098 chromium-browser: Insufficient data validation in Mojo
        https://bugzilla.redhat.com/show_bug.cgi?id=2032168
  [ 43 ] Bug #2032169 - CVE-2021-4099 chromium-browser: Use after free in Swiftshader
        https://bugzilla.redhat.com/show_bug.cgi?id=2032169
  [ 44 ] Bug #2032170 - CVE-2021-4100 chromium-browser: Object lifecycle issue in ANGLE
        https://bugzilla.redhat.com/show_bug.cgi?id=2032170
  [ 45 ] Bug #2032171 - CVE-2021-4101 chromium-browser: Heap buffer overflow in Swiftshader
        https://bugzilla.redhat.com/show_bug.cgi?id=2032171
  [ 46 ] Bug #2032172 - CVE-2021-4102 chromium-browser: Use after free in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=2032172
--------------------------------------------------------------------------------

================================================================================
 intel-ipp-crypto-mb-1.0.4-2.el8 (FEDORA-EPEL-2021-a772a99568)
 Intel(R) IPP Cryptography multi-buffer library
--------------------------------------------------------------------------------
Update Information:

Update for release of crypto_mb version 1.0.4 (upstream version 2021.5).
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 23 2021 Andrey Matyukov andrey.matyukov@intel.com - 1.0.4-2
- Fixed a symbolic link in intel-ipp-crypto-mb-devel package.
* Wed Dec 22 2021 Andrey Matyukov andrey.matyukov@intel.com - 1.0.4-1
- Added ECDSA/ECDHE for the NIST P-521 curve;
- Added ECC over SM2 curve: Public Key Generation, ECDSA Signature / Verification, ECDHE;
- Added SM3 algorithm;
- Added SM4 algorithm (ECB, CBC, CTR, OFB and CFB modes of operation);
- Added ed25519 Signature / Verification schemes;
- Added x25519 key agreement functionality: public key generation, shared key computation;
- Added modular exponentiation for fixed sizes: 1k, 2k, 3k, 4k.
--------------------------------------------------------------------------------

================================================================================
 keepassxc-2.6.6-3.el8 (FEDORA-EPEL-2021-ac0e6ef0ea)
 Cross-platform password manager
--------------------------------------------------------------------------------
Update Information:

2.6.6 release
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 19 2021 Björn Esser besser82@fedoraproject.org - 2.6.6-3
- Rebuild (quazip)
* Thu Jul 22 2021 Fedora Release Engineering releng@fedoraproject.org - 2.6.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Mon Jun 14 2021 Mukundan Ragavan nonamedotc@fedoraproject.org - 2.6.6-1
- Update to 2.6.6
--------------------------------------------------------------------------------

================================================================================
 libopenmpt-0.6.0-1.el8 (FEDORA-EPEL-2021-aef7932797)
 C/C++ library to decode tracker music module (MOD) files
--------------------------------------------------------------------------------
Update Information:

libopenmpt 0.6.0 (2021-12-23)

* [New] `MUS` files from Psycho Pinball and Micro Machines 2 are now supported.
* [New] `SymMOD` files created with Symphonie / Symphonie Pro are now supported.
* [New] `FMT` files created with Davey W Taylor's FM Tracker are now supported.
* [New] `DSYM` files created with Digital Symphony are now supported.
* [New] TakeTracker MODs with `TDZ1` to `TDZ3` magic bytes are now supported.
* [New] openmpt123: openmpt123 will now expand file wildcards passed on the command line in Windows when built with MSVC.
* [New] libopenmpt_ext: New interface `interactive2` adding `openmpt::ext::interactive2::note_off()`, `openmpt::ext::interactive2::note_fade()`, `openmpt::ext::interactive2::set_channel_panning()`, `openmpt::ext::interactive2::get_channel_panning()`, `openmpt::ext::interactive2::set_note_finetune()`, and `openmpt::ext::interactive2::get_note_finetune()` (C++) and `openmpt_module_ext_interface_interactive2.note_off()`, `openmpt_module_ext_interface_interactive2.note_fade()`, `openmpt_module_ext_interface_interactive2.set_channel_panning()`, `openmpt_module_ext_interface_interactive2.get_channel_panning()`, `openmpt_module_ext_interface_interactive2.set_note_finetune()`, and `openmpt_module_ext_interface_interactive2.get_note_finetune()` (C).
* [New] `Makefile` `CONFIG=emscripten` now supports `EMSCRIPTEN_TARGET=audioworkletprocessor` which builds an ES6 module in a single file with reduced dependencies suitable to be used in an AudioWorkletProcessor.
* [New] `Makefile` `CONFIG=emscripten` now supports `EMSCRIPTEN_PORTS=1` which uses dependencies (zlib, mp123, ogg, and vorbis) from Emscripten Ports instead of using miniz, minimp3, and stb_vorbis locally or building zlib, mp123, ogg, and vorbis locally.
* [New] `Makefile` `CONFIG=emscripten` and `CONFIG=djgpp` can now build zlib, mpg123, and vorbis locally instead of only supporting miniz, minimp3, and stb_vorbis via ALLOW_LGPL=1.
* [Change] `Makefile` `CONFIG=emscripten` now supports `EMSCRIPTEN_TARGET=all` which provides WebAssembly as well as fallback to JavaScript in a single build.
* [Change] openmpt123: DOS builds now use the Mercury fork of `liballegro 4.2` for improved hardware compatibility.
* [Change] libopenmpt no longer generates internal interpolation tables on library load time, but instead only on first module load time.
* [Regression] `Makefile` `CONFIG=emscripten` does not support `EMSCRIPTEN_TARGET=asmjs` or `EMSCRIPTEN_TARGET=asmjs128m` any more because support has been removed from current Emscripten versions.
* [Regression] Support for GCC 7 has been removed.
* [Regression] Support for Clang 5, 6 has been removed.
* [Regression] Support for Emscripten versions older than 1.39.7 has been removed.
* [Regression] Building with Android NDK older than NDK r19c is not supported any more.
* libopenmpt can now detect infinite pattern loops and treats them as the song end. This means that setting a repeat count other than -1 now always guarantees that playback will eventually end. The song loop counter is decremented each time it ends up at the start of the infinite loop, so the song does not restart from the beginning even if the repeat count is not 0.
* `openmpt::module::set_position_seconds()` accuracy has been improved for modules with pattern loops.
* IT: Portamentos in files with Linear Slides disabled are now more accurate.
* IT: Pitch/Pan Separation was affected by note-off commands, and wasn't reset by panning commands like in Impulse Tracker.
* IT: Even after libopenmpt 0.5.14 the filter reset logic was still not 100% identical to Impulse Tracker: A note triggered on tick 0 of a row with a Pattern Delay effect still caused the filter to be reset on repetitions of that row even though the note wasn't retriggered.
* IT: Added read-only support for BeRoTracker commands 1 and 2 (equivalent to XM commands K and L).
* XM: BeRoTracker saves smooth MIDI macros in a different way from OpenMPT. This command is now imported correctly.
* XM: Emulate FT2 Tone Portamento quirk that inverts portamento direction after the target was reached (if target note was higher than previous note).
* S3M files saved with Impulse Tracker and latest Schism Tracker now also compute sample playback speed in Hertz.
* Depending on whether an S3M file was last saved in Scream Tracker with the Sound Blaster or Gravis Ultrasound drivers loaded, different compatibility flags are now applied. For files saved with the GUS, the sample volume factor is now also ignored (fixes volume levels in S3Ms made on the GUS, in particular if they use both samples and OPL instruments).
* S3M: Enforce the lower frequency bound.
* MOD: Loosened VBlank timing heuristics so that the original copy of Guitar Slinger from Dizzy Tunes II plays correctly.
* FAR: Correct portamento depth is now used.
* DMF / IMF: Improved accuracy of finetune commands.
* MDL: Implemented finetune command.
* OKT: Various accuracy improvements such as: Sharing volume between mixed channels, volume commands on mixed channels are permanent (not reset with new notes), mixed channels do not support default sample volume, 7-bit samples are actually supposed to be played as-is (not amplified to full 8-bit range), reject speed command parameters >= 20.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 23 2021 Michael Schwendt mschwendt@fedoraproject.org - 0.6.0-1
- upgrade to 0.6.0 (new stable release branch)
* Thu Dec 23 2021 Michael Schwendt mschwendt@fedoraproject.org - 0.5.15-1
- update to 0.5.15 (security release)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2035378 - libopenmpt-0.6.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2035378
--------------------------------------------------------------------------------

================================================================================
 pyshp-2.1.3-2.el8 (FEDORA-EPEL-2021-2ee979e8ab)
 Pure Python read/write support for ESRI Shapefile format
--------------------------------------------------------------------------------
Update Information:

**VERSION 2.1.3 2021-01-14**

*Bug fixes:*

- Fix recent bug in geojson hole-in-polygon checking
- Misc fixes to allow geo interface dump to json (eg dates as strings)
- Handle additional dbf date null values, and return faulty dates as unicode
- Add writer target typecheck
- Fix bugs to allow reading shp/shx/dbf separately
- Allow delayed shapefile loading by passing no args
- Fix error with writing empty z/m shapefile
- Fix signed_area() so ignores z/m coords
- Enforce writing the 11th field name character as null-terminator (only first 10 are used)
- Minor README fixes
- Added more tests

**VERSION 2.1.2 2020-09-10**

*Bug fixes:*

- Fix issue where `warnings.simplefilter('always')` changes global warning behavior

**VERSION 2.1.1 2020-09-09**

*Improvements:*

- Handle shapes with no coords and represent as geojson with no coords (GeoJSON null-equivalent)
- Expand testing to Python 3.6, 3.7, 3.8 and PyPy; drop 3.3 and 3.4
- Added pytest testing

*Bug fixes:*

- Fix incorrect geo interface handling of multipolygons with complex exterior-hole relations
- Enforce shapefile requirement of at least one field, to avoid writing invalid shapefiles
- Fix Reader geo interface including DeletionFlag field in feature properties
- Fix polygons not being auto closed, which was accidentally dropped
- Fix error for null geometries in feature geojson
- Misc docstring cleanup
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 23 2021 Benjamin A. Beasley code@musicinmybrain.net 2.1.3-1
- Update to 2.1.3
--------------------------------------------------------------------------------

================================================================================
 pyzor-1.0.0-28.20200530gitf46159b.el8 (FEDORA-EPEL-2021-424264f842)
 Collaborative spam filtering system
--------------------------------------------------------------------------------
Update Information:

Update to latest Git snapshot
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 23 2021 Robert Scheck robert@fedoraproject.org - 1.0.0-28
- Added patch for unittests to fix Python 3.11 build (#2026772)
* Fri Jul 23 2021 Fedora Release Engineering releng@fedoraproject.org - 1.0.0-27
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 4 2021 Python Maint python-maint@redhat.com - 1.0.0-26
- Rebuilt for Python 3.10
* Wed Jan 27 2021 Fedora Release Engineering releng@fedoraproject.org - 1.0.0-25
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering releng@fedoraproject.org - 1.0.0-24
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Fri May 29 2020 Jason L Tibbitts III tibbs@math.uh.edu - 1.0.0-23.20200530gitf46159b
- Update to current git snapshot (fixes python 3.9 build).
- Remove merged patch.
* Tue May 26 2020 Miro Hrončok mhroncok@redhat.com - 1.0.0-22
- Rebuilt for Python 3.9
* Thu Jan 30 2020 Fedora Release Engineering releng@fedoraproject.org - 1.0.0-21
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Oct 3 2019 Miro Hrončok mhroncok@redhat.com - 1.0.0-20
- Rebuilt for Python 3.8.0rc1 (#1748018)
--------------------------------------------------------------------------------

================================================================================
 qwt-6.1.5-5.el8 (FEDORA-EPEL-2021-268a0c7b8c)
 Qt Widgets for Technical Applications
--------------------------------------------------------------------------------
Update Information:

Update qwt version to go with updated qt5 version
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 23 2021 Fedora Release Engineering releng@fedoraproject.org - 6.1.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jan 27 2021 Fedora Release Engineering releng@fedoraproject.org - 6.1.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2027464 - Current qwt version is incompatible with latest Qt5 version in Appstream repo (Centos 8)
        https://bugzilla.redhat.com/show_bug.cgi?id=2027464
--------------------------------------------------------------------------------

================================================================================
 rclone-1.57.0-1.el8 (FEDORA-EPEL-2021-910fd71fbc)
 Rsync for cloud storage
--------------------------------------------------------------------------------
Update Information:

Update to 1.57.0
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 22 2021 Robert-André Mauchin zebob.m@gmail.com - 1.57.0-1
- Update to 1.57.0
- Close: rhbz#1953788
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1953788 - rclone-1.57.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1953788
--------------------------------------------------------------------------------

epel-devel@lists.fedoraproject.org