The following Fedora EPEL 7 Security updates need testing:
 Age  URL
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-afd7021128   ipython-3.2.3-1.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-08427e256d   seamonkey-2.53.15-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
copr-cli-1.105-1.el7
imlib2-1.4.9-8.el7
python-copr-1.125-1.el7
python-websockify-0.6.0-4.el7
Details about builds:
================================================================================
copr-cli-1.105-1.el7 (FEDORA-EPEL-2023-016a5af72a)
Command line interface for COPR
--------------------------------------------------------------------------------
Update Information:
### copr-cli
- More understandable module hotfixes description
- Add options to download only built RPMs/spec files
- Use the --dirname parameter for copr-cli monitor
- Disable appstream by default
- Use SPDX license
### python-copr
- Drop the unneeded marshmallow dependency
- Fix APIv3 additional_modules CoprChroot option
- More understandable module hotfixes description
- Disable appstream by default
- Use SPDX license
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 24 2023 Jakub Kadlcik <frostyx(a)email.cz> 1.105-1
- More understandable module hotfixes description
- Add options to download only built RPMs/spec files
- Use the --dirname parameter for copr-cli monitor
- Disable appstream by default
- Use SPDX license
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2151239 - RFE: Add --rpms option to download only rpms via download-build
https://bugzilla.redhat.com/show_bug.cgi?id=2151239
--------------------------------------------------------------------------------
================================================================================
imlib2-1.4.9-8.el7 (FEDORA-EPEL-2023-2b409ccc37)
Image loading, saving, rendering, and manipulation library
--------------------------------------------------------------------------------
Update Information:
This update rebases imlib2 from version 1.4.5 to 1.4.9. This is a compatible
update with the same library soname. It resolves multiple high severity CVEs.
- CVE-2011-5326
- CVE-2014-9762
- CVE-2014-9763
- CVE-2014-9764
- CVE-2014-9771
- CVE-2016-3993
- CVE-2016-3994
- CVE-2016-4024
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.9-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.9-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Sun Feb 11 2018 Sandro Mani <manisandro(a)gmail.com> - 1.4.9-6
- Rebuild (giflib)
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.9-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Aug 2 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.9-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Fri May 6 2016 Tomas Smetana <tsmetana(a)redhat.com> - 1.4.9-1
- New upstream bugfix version
- Fix rhbz#1323617 - CVE-2016-3993: off by one error in MergeUpdate
- Fix rhbz#1327478 - CVE-2016-4024: integer overflow resulting in insufficient heap allocation
* Fri Apr 1 2016 Tomas Smetana <tsmetana(a)redhat.com> - 1.4.8-1
- New upstream bugfix version
- Fix rhbz#1323062 - out of bound read in GIF loader
- Fix rhbz#1323082 - divide by zero on 2x1 ellipse
* Thu Feb 4 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Mon Jan 25 2016 Tomas Smetana <tsmetana(a)redhat.com> - 1.4.7-1
- Rebase to 1.4.7
- Fixes CVE-2014-9762, CVE-2014-9763, CVE-2014-9764
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.4.6-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Thu Jan 22 2015 Tomas Smetana <tsmetana(a)redhat.com> - 1.4.6-3
- Fix output of imlib2-config --libs (rhbz #1184166)
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.4.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Thu Jul 31 2014 Tomas Smetana <tsmetana(a)redhat.com> - 1.4.6-1
- New upstream bugfix version
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.4.5-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.4.5-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1301617 - CVE-2014-9762 CVE-2014-9763 CVE-2014-9764 imlib2: security issues fixed in 1.4.7 [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1301617
[ 2 ] Bug #1323064 - CVE-2016-3994 imlib2: out of bound read in GIF loader [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1323064
[ 3 ] Bug #1323084 - CVE-2011-5326 imlib2: divide by zero on 2x1 ellipse [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1323084
[ 4 ] Bug #1323619 - CVE-2016-3993 imlib2: off by one error in MergeUpdate [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1323619
[ 5 ] Bug #1324776 - CVE-2014-9771 imlib2: exploitable integer overflow in _imlib_SaveImage [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1324776
[ 6 ] Bug #1327480 - CVE-2016-4024 imlib2: integer overflow resulting in insufficient heap allocation [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1327480
--------------------------------------------------------------------------------
================================================================================
python-copr-1.125-1.el7 (FEDORA-EPEL-2023-016a5af72a)
Python interface for Copr
--------------------------------------------------------------------------------
Update Information:
### copr-cli
- More understandable module hotfixes description
- Add options to download only built RPMs/spec files
- Use the --dirname parameter for copr-cli monitor
- Disable appstream by default
- Use SPDX license
### python-copr
- Drop the unneeded marshmallow dependency
- Fix APIv3 additional_modules CoprChroot option
- More understandable module hotfixes description
- Disable appstream by default
- Use SPDX license
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 24 2023 Jakub Kadlcik <frostyx(a)email.cz> 1.125-1
- Drop the unneeded marshmallow dependency
- Fix APIv3 additional_modules CoprChroot option
- More understandable module hotfixes description
- Disable appstream by default
- Use SPDX license
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2151239 - RFE: Add --rpms option to download only rpms via download-build
https://bugzilla.redhat.com/show_bug.cgi?id=2151239
--------------------------------------------------------------------------------
================================================================================
python-websockify-0.6.0-4.el7 (FEDORA-EPEL-2023-1bc3956232)
WSGI based adapter for the Websockets protocol
--------------------------------------------------------------------------------
Update Information:
add python36 build
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 25 2023 Jonathan Wright <jonathan(a)almalinux.org> - 0.6.0-4
- Add proper provides for python36 package
* Wed Jan 25 2023 Jonathan Wright <jonathan(a)almalinux.org> - 0.6.0-3
- Build python36-websockify rhbz#1890583
--------------------------------------------------------------------------------