The following Fedora EPEL 7 Security updates need testing:
 Age  URL
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-dc3bd1f656   llvm13-13.0.1-1.el7 rust-1.58.1-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
HepMC3-3.2.5-2.el7
distribution-gpg-keys-1.65-1.el7
tito-0.6.20-1.el7
varnish-4.0.5-3.el7
Details about builds:
================================================================================
HepMC3-3.2.5-2.el7 (FEDORA-EPEL-2022-dfd6db3976)
C++ Event Record for Monte Carlo Generators
--------------------------------------------------------------------------------
Update Information:
HepMC3 3.2.5
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 22 2022 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 3.2.5-2
- Fix detection of installed Pythia HepMC3 interface
- Fix endian issue in HEPEVT wrappers
- Fix doxygen markup syntax
* Mon Feb 21 2022 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 3.2.5-1
- Update to version 3.2.5
- Update License tag for bxzstr
* Wed Jan 19 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.2.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
distribution-gpg-keys-1.65-1.el7 (FEDORA-EPEL-2022-9d40115088)
GPG keys of various Linux distributions
--------------------------------------------------------------------------------
Update Information:
- update copr keys
- Add remi 2022 key
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 22 2022 Miroslav Suchý <msuchy(a)redhat.com> 1.65-1
- update copr keys
- Add remi 2022 key
--------------------------------------------------------------------------------
================================================================================
tito-0.6.20-1.el7 (FEDORA-EPEL-2022-5ca4a44f33)
A tool for managing rpm based git projects
--------------------------------------------------------------------------------
Update Information:
- If failing because of unexpected binary files, we print them for easier
  debugging
- When releasing to DistGit, the git config of the current project is
  considered (therefore allowing to use different than global name, email, etc)
- Fix #194 - Mead builds are able to push different branches than master
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 23 2022 Jakub Kadlcik <frostyx(a)email.cz> 0.6.20-1
- Sync repo (in addition to tag) during mead build (nmoumoul(a)redhat.com)
- Add 'Building RHEL packages with Tito' as external doc (frostyx(a)email.cz)
- Consider the current project git config when releasing to DistGit
(frostyx(a)email.cz)
- Print the problematic binary files (frostyx(a)email.cz)
--------------------------------------------------------------------------------
================================================================================
varnish-4.0.5-3.el7 (FEDORA-EPEL-2022-18ac3af1c8)
High-performance HTTP accelerator
--------------------------------------------------------------------------------
Update Information:
This release includes a security update with mitigation instructions for
VSV00008 aka CVE-2022-23959

PLEASE NOTE: varnish-4.0.5 is marked END OF LIFE from the Varnish Cache
upstream project. Please consider upgrading to varnish-6.0 LTS. See
https://varnish-cache.org/ for updated packages compatible with VCL 4.0 on el7.

Other updates:
- Workaround for systemd race
- Dropped el6 support

----

A security update. Includes mitigation instructions for VSV00008 aka
CVE-2022-23959

**PLEASE NOTE**: varnish-4.0.5 is marked **END OF LIFE** from the Varnish
Cache upstream project. Please consider upgrading to varnish-6.0 LTS. See
https://varnish-cache.org/ for updated packages compatible with VCL 4.0 on el7.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 22 2022 Ingvar Hagelund <ingvar(a)redpill-linpro.com> 4.0.5-3
- Added a sleep 0.5 to ExecStartPost, working around a race in
systemd, fixing bz#1478278
* Wed Feb 16 2022 Ingvar Hagelund <ingvar(a)redpill-linpro.com> 4.0.5-2
- Added mitigation instructions for VSV00008 aka CVE-2022-23959
SECURITY, PLEASE NOTE: varnish-4.0.5 is marked END OF LIFE from the
Varnish Cache upstream project. Please consider upgrading to varnish-6.0 LTS
See /usr/share/doc/varnish-4.0.5/vsv8_epel7_varnish405.vcl for details.
- Dropped el6 support
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1478278 - Error messages about invalid argument during start.
https://bugzilla.redhat.com/show_bug.cgi?id=1478278
[ 2 ] Bug #2045034 - CVE-2022-23959 varnish: HTTP/1 request smuggling vulnerability [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=2045034
--------------------------------------------------------------------------------