The following Fedora EPEL 7 Security updates need testing:
Age URL
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-1f3ec359c3
cobbler-2.8.5-5.el7
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-db09048bde
nbd-3.24-1.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-e1430e72de
wordpress-5.1.13-1.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-bd2c412d62
zabbix40-4.0.39-1.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-54fdcd70bd
zabbix50-5.0.21-1.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-d009c17be8
abcm2ps-8.14.13-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
csdiff-2.3.0-1.el7
csmock-3.3.1-1.el7
libcaca-0.99-0.40.beta20.el7
libyang-2.0.164-1.el7
php-composer-semver3-3.3.0-1.el7
Details about builds:
================================================================================
csdiff-2.3.0-1.el7 (FEDORA-EPEL-2022-15b96667a2)
Non-interactive tools for processing code scan results in plain-text
--------------------------------------------------------------------------------
Update Information:
- update to latest upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 15 2022 Kamil Dudka <kdudka(a)redhat.com> 2.3.0-1
- update to latest upstream release
--------------------------------------------------------------------------------
================================================================================
csmock-3.3.1-1.el7 (FEDORA-EPEL-2022-15b96667a2)
A mock wrapper for Static Analysis tools
--------------------------------------------------------------------------------
Update Information:
- update to latest upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 15 2022 Kamil Dudka <kdudka(a)redhat.com> 3.3.1-1
- update to latest upstream release
--------------------------------------------------------------------------------
================================================================================
libcaca-0.99-0.40.beta20.el7 (FEDORA-EPEL-2022-03421505cb)
Library for Colour AsCii Art, text mode graphics
--------------------------------------------------------------------------------
Update Information:
- Clean up SPEC file. - Update to beta20. - CVE-2018-20545, CVE-2018-20546,
CVE-2018-20547, CVE-2018-20548, CVE-2018-20549 (#1687860). - CVE-2021-30498
(#1948677). - CVE-2021-30499 (#1948681). - CVE-2021-3410 (#1931971).
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 14 2022 Simone Caronni <negativo17(a)gmail.com> - 0.99-0.40.beta20
- More cleanups.
* Mon Mar 14 2022 Simone Caronni <negativo17(a)gmail.com> - 0.99-0.39.beta20
- Clean up SPEC file.
- Update to beta20.
- CVE-2018-20545, CVE-2018-20546, CVE-2018-20547, CVE-2018-20548, CVE-2018-20549
(#1687860).
- CVE-2021-30498 (#1948677).
- CVE-2021-30499 (#1948681).
- CVE-2021-3410 (#1931971).
* Sun Mar 13 2022 Simone Caronni <negativo17(a)gmail.com> - 0.99-0.38.beta19
- Merge changes from master (up to 0.37).
* Mon Nov 9 2015 Matthias Saou <matthias(a)saou.eu> 0.99-0.26.beta19
- Update to 0.99.beta19.
- Remove upstreamed ruby patch, fixed in November 2012 (commit 36990e1).
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.99-0.25.beta18
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sat May 2 2015 Kalev Lember <kalevlember(a)gmail.com> - 0.99-0.24.beta18
- Rebuilt for GCC 5 C++11 ABI change
* Sat Jan 17 2015 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 0.99-0.23.beta18
- Rebuild for
https://fedoraproject.org/wiki/Changes/Ruby_2.2
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.99-0.22.beta18
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.99-0.21.beta18
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu Apr 24 2014 V��t Ondruch <vondruch(a)redhat.com> - 0.99-0.20.beta18
- Rebuilt for
https://fedoraproject.org/wiki/Changes/Ruby_2.1
* Tue Mar 11 2014 Matthias Saou <matthias(a)saou.eu> 0.99-0.19.beta18
- Update to 0.99.beta18 (#1062632).
- Add python-caca sub-package with python bindings.
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.99-0.18.beta17
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1687860 - CVE-2018-20544 CVE-2018-20545 CVE-2018-20546 CVE-2018-20547
CVE-2018-20548 CVE-2018-20549 libcaca: various flaws [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1687860
[ 2 ] Bug #1931971 - libcaca: Illegal write memory access in caca_resize function in
caca/canvas.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1931971
[ 3 ] Bug #1948677 - CVE-2021-30498 libcaca: Heap buffer overflow of export.c in
function export_tga [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1948677
[ 4 ] Bug #1948681 - CVE-2021-30499 libcaca: Global buffer overflow of export.c in
function export_troff [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1948681
--------------------------------------------------------------------------------
================================================================================
libyang-2.0.164-1.el7 (FEDORA-EPEL-2022-c54ec1e715)
YANG data modeling language library
--------------------------------------------------------------------------------
Update Information:
Upstream version 2.0.164
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 15 2022 Jakub Ru��i��ka <jakub.ruzicka(a)nic.cz> - 2.0.164-1
- Rebase to version 2.0.164
--------------------------------------------------------------------------------
================================================================================
php-composer-semver3-3.3.0-1.el7 (FEDORA-EPEL-2022-30e6913283)
Semver library version 3
--------------------------------------------------------------------------------
Update Information:
**Version 3.3.0** - 2022-03-15 * Improved performance of CompilingMatcher by
memoizing more (#131) * Added CompilingMacher::clear to clear all memoization
caches
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 15 2022 Remi Collet <remi(a)remirepo.net> - 3.3.0-1
- update to 3.3.0
--------------------------------------------------------------------------------