The following Fedora EPEL 9 Security updates need testing:
Age URL
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-71fad5c9bd
python-aiohttp-3.9.3-1.el9
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-7190fecd91
wordpress-6.4.3-1.el9
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-2dd0ef9006
chromium-121.0.6167.139-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
ascii-3.19-1.el9
borgmatic-1.8.8-1.el9
fedora-license-data-1.40-1.el9
libebml-1.4.5-1.el9
python-pillow-10.0.1-1.el9
rust-fd-find-9.0.0-1.el9
Details about builds:
================================================================================
ascii-3.19-1.el9 (FEDORA-EPEL-2024-411ab80246)
Interactive ascii name and synonym chart
--------------------------------------------------------------------------------
Update Information:
Update from upstream
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 1 2024 Didier Fabert <didier.fabert(a)gmail.com> - 3.19-1
- Update to 3.19 version
* Mon Jan 22 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.18-20
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.18-19
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2262275 - ascii-3.19 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2262275
--------------------------------------------------------------------------------
================================================================================
borgmatic-1.8.8-1.el9 (FEDORA-EPEL-2024-f3039061cf)
Simple Python wrapper script for borgbackup
--------------------------------------------------------------------------------
Update Information:
- [#736](https://projects.torsion.org/borgmatic-
collective/borgmatic/issues/736): Store included configuration files within each
backup archive in support of the "config bootstrap" action. Previously,
only top-level configuration files were stored. -
[#798](https://projects.torsion.org/borgmatic-collective/borgmatic/issues/798):
Elevate specific Borg warnings to errors or squash errors to - warnings. See
the documentation for more information:
[
https://torsion.org/borgmatic/docs/how-to/customize-warnings-and-
errors/](https://torsion.org/borgmatic/docs/how-to/customize-warnings-and-
errors/) - [#810](https://projects.torsion.org/borgmatic-
collective/borgmatic/issues/810): SECURITY: Prevent shell injection attacks
within the PostgreSQL hook, the MongoDB hook, the SQLite hook, the
"borgmatic borg" action, and command hook variable/constant interpolation. -
[#814](https://projects.torsion.org/borgmatic-collective/borgmatic/issues/814):
Fix a traceback when providing an invalid "--override" value for a list option.
- [#370](https://projects.torsion.org/borgmatic-
collective/borgmatic/issues/370): For the PostgreSQL hook, pass the "PGSSLMODE"
environment variable through to Borg when the database's configuration
omits the "ssl_mode" option. - [#818](https://projects.torsion.org/borgmatic-
collective/borgmatic/issues/818): Allow the "--repository" flag to match across
multiple configuration files. - [#820](https://projects.torsion.org/borgmatic-
collective/borgmatic/issues/820): Fix broken repository detection in the
"rcreate" action with Borg 1.4. The issue did not occur with other
versions of Borg. - [#822](https://projects.torsion.org/borgmatic-
collective/borgmatic/issues/822): Fix broken escaping logic in the PostgreSQL
hook's "pg_dump_command" option. - SECURITY: Prevent additional shell
injection attacks within the PostgreSQL hook.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 2 2024 Felix Kaechele <felix(a)kaechele.ca> - 1.8.8-1
- update to 1.8.8
* Tue Jan 23 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.8.6-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.8.6-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2259460 - borgmatic-1.8.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2259460
--------------------------------------------------------------------------------
================================================================================
fedora-license-data-1.40-1.el9 (FEDORA-EPEL-2024-1a12b5aa49)
Fedora Linux license data
--------------------------------------------------------------------------------
Update Information:
Automatic update for fedora-license-data-1.40-1.el9. ##### **Changelog for
fedora-license-data** ``` * Fri Feb 02 2024 Miroslav Such�� <msuchy(a)redhat.com>
1.40-1 - add HPND-UC - add GPL-2.0-or-later WITH GStreamer-exception-2008 - add
TGPPL-1.0 (and replace LicenseRef-TGPPL) ```
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 2 2024 Miroslav Such�� <msuchy(a)redhat.com> 1.40-1
- add HPND-UC
- add GPL-2.0-or-later WITH GStreamer-exception-2008
- add TGPPL-1.0 (and replace LicenseRef-TGPPL)
--------------------------------------------------------------------------------
================================================================================
libebml-1.4.5-1.el9 (FEDORA-EPEL-2024-93ca58ba54)
Extensible Binary Meta Language library
--------------------------------------------------------------------------------
Update Information:
Update to latest stable release 1.4.5, fixes CVE-2023-52339.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 2 2024 Dominik Mierzejewski <dominik(a)greysector.net> - 1.4.5-1
- update to 1.4.5 (#2254413)
- fixes CVE-2023-52339 (#2258046, #2258047)
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.4-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Tue Oct 11 2022 Dominik Mierzejewski <dominik(a)greysector.net> - 1.4.4-1
- update to 1.4.4 (#2131232)
- drop obsolete patch
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.2-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2258046 - CVE-2023-52339 libebml: integer overflow in MemIOCallback::read
https://bugzilla.redhat.com/show_bug.cgi?id=2258046
--------------------------------------------------------------------------------
================================================================================
python-pillow-10.0.1-1.el9 (FEDORA-EPEL-2024-ba4100ae20)
Python image processing library
--------------------------------------------------------------------------------
Update Information:
update to 10.0.1
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 18 2023 Sandro Mani <manisandro(a)gmail.com> - 10.0.1-1
- Update to 10.0.1
--------------------------------------------------------------------------------
================================================================================
rust-fd-find-9.0.0-1.el9 (FEDORA-EPEL-2024-e2c965f879)
Fd is a simple, fast and user-friendly alternative to find
--------------------------------------------------------------------------------
Update Information:
Update to version 9.0.0. Release notes:
https://github.com/sharkdp/fd/releases/tag/v9.0.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 2 2024 Fabio Valentini <decathorpe(a)gmail.com> - 9.0.0-1
- Update to version 9.0.0; Fixes RHBZ#2255224
* Fri Jan 26 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 8.7.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------