The following Fedora EPEL 8 Security updates need testing: Age URL 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-f52b6219ca python39-jinja2-epel-3.1.3-1.2.el8 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-c58045d54f openssl3-3.2.2-2.1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
HepMC3-3.3.0-1.el8 chromium-126.0.6478.114-1.el8 munin-2.0.76-1.el8 perl-Fsdb-3.7-1.el8 radicale-3.2.2-1.el8 youtube-dl-2024.06.11.git0153b38-1.el8
Details about builds:
================================================================================ HepMC3-3.3.0-1.el8 (FEDORA-EPEL-2024-6270719328) C++ Event Record for Monte Carlo Generators -------------------------------------------------------------------------------- Update Information:
HepMC 3.3.0 -------------------------------------------------------------------------------- ChangeLog:
* Mon Jun 17 2024 Mattias Ellert mattias.ellert@physics.uu.se - 3.3.0-1 - Update to version 3.3.0 - Soname bump for libHepMC3 (3 to 4) - Additional build dependencies for tests - Fix an uninitialized value issue found by valgrind - Drop EPEL7 build (soon to be EOL) - Avoid assert due to implicit narrowing cast on 32 bit architectures * Sat Jun 8 2024 Mattias Ellert mattias.ellert@physics.uu.se - 3.2.7-8 - Rebuild for root 6.32 - Backport support for changes in root 6.32 cmake config * Fri Jun 7 2024 Python Maint python-maint@redhat.com - 3.2.7-7 - Rebuilt for Python 3.13 * Mon Jan 22 2024 Fedora Release Engineering releng@fedoraproject.org - 3.2.7-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Fri Jan 19 2024 Fedora Release Engineering releng@fedoraproject.org - 3.2.7-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Thu Jan 18 2024 Fedora Release Engineering releng@fedoraproject.org - 3.2.7-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ chromium-126.0.6478.114-1.el8 (FEDORA-EPEL-2024-6b799a502a) A WebKit (Blink) powered web browser that Google doesn't want you to use -------------------------------------------------------------------------------- Update Information:
update to 126.0.6478.114 High CVE-2024-6100: Type Confusion in V8 High CVE-2024-6101: Inappropriate implementation in WebAssembly High CVE-2024-6102: Out of bounds memory access in Dawn High CVE-2024-6103: Use after free in Dawn -------------------------------------------------------------------------------- ChangeLog:
* Wed Jun 19 2024 Than Ngo than@redhat.com - 126.0.6478.114-1 - update to 126.0.6478.114 * High CVE-2024-6100: Type Confusion in V8 * High CVE-2024-6101: Inappropriate implementation in WebAssembly * High CVE-2024-6102: Out of bounds memory access in Dawn * High CVE-2024-6103: Use after free in Dawn -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2292398 - CVE-2024-5171 chromium: libaom: Integer overflow in internal function��img_alloc_helper [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2292398 [ 2 ] Bug #2292402 - CVE-2024-5171 chromium: libaom: Integer overflow in internal function��img_alloc_helper [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2292402 [ 3 ] Bug #2293009 - CVE-2024-6100 CVE-2024-6101 chromium: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2293009 [ 4 ] Bug #2293013 - CVE-2024-6102 chromium: chromium-browser: out of bounds memory access in Dawn [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2293013 [ 5 ] Bug #2293016 - CVE-2024-6103 chromium: chromium-browser: use after free in Dawn [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2293016 --------------------------------------------------------------------------------
================================================================================ munin-2.0.76-1.el8 (FEDORA-EPEL-2024-c4e9d8bcb2) Network-wide resource monitoring tool -------------------------------------------------------------------------------- Update Information:
Upstream update to 2.0.76. -------------------------------------------------------------------------------- ChangeLog:
* Wed Jun 19 2024 Kim B. Heino b@bbbs.net - 2.0.76-1 - Upgrade to 2.0.76 * Thu Jan 25 2024 Fedora Release Engineering releng@fedoraproject.org - 2.0.75-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering releng@fedoraproject.org - 2.0.75-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ perl-Fsdb-3.7-1.el8 (FEDORA-EPEL-2024-6fb36b2134) A set of commands for manipulating flat-text databases from the shell -------------------------------------------------------------------------------- Update Information:
See http://www.isi.edu/~johnh/SOFTWARE/FSDB/ 3.6 release -------------------------------------------------------------------------------- ChangeLog:
* Wed Jun 19 2024 John Heidemann johnh@isi.edu 3.7-1 - See http://www.isi.edu/~johnh/SOFTWARE/FSDB/ --------------------------------------------------------------------------------
================================================================================ radicale-3.2.2-1.el8 (FEDORA-EPEL-2024-07eb8c7b53) A simple CalDAV (calendar) and CardDAV (contact) server -------------------------------------------------------------------------------- Update Information:
Update to 3.2.2 Obsolete radicale-config-storage-hooks-SELinux-note.patch by inject inside spec file Obsolete radicale-httpd by contrib config from upstream Fix group+permissions of /etc/radicale/rights Create an empty file /etc/radicale/users with proper permissions -------------------------------------------------------------------------------- ChangeLog:
* Wed Jun 19 2024 Peter Bieringer pb@bieringer.de - 3.2.2-1 - Update to 3.2.2 - Obsolete radicale-config-storage-hooks-SELinux-note.patch by inject inside spec file - Obsolete radicale-httpd by contrib config from upstream - Fix group+permissions of /etc/radicale/rights - Create an empty file /etc/radicale/users with proper permissions --------------------------------------------------------------------------------
================================================================================ youtube-dl-2024.06.11.git0153b38-1.el8 (FEDORA-EPEL-2024-a22b658990) A small command-line program to download online videos -------------------------------------------------------------------------------- Update Information:
Update to latest snapshot -------------------------------------------------------------------------------- ChangeLog:
* Wed Jun 19 2024 David Bold davidsch@fedoraproject.org - 2024.06.11.git0153b38-1 - Update to latest git snapshot 0153b38 from 2024.06.11 * Fri Jun 7 2024 Python Maint python-maint@redhat.com - 2023.08.04.git86e3cf5-3 - Rebuilt for Python 3.13 * Sat Jan 27 2024 Fedora Release Engineering releng@fedoraproject.org - 2023.08.04.git86e3cf5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org