The following Fedora EPEL 8 Security updates need testing:
Age URL
13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-69c0102261
singularity-3.6.4-1.el8
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b7912a8edb
suricata-5.0.4-1.el8
9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-e85de73cdb
pdns-recursor-4.3.5-1.el8
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6ef54b7a2d
tcpreplay-4.3.3-3.el8
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-4f4de3554d
fastd-21-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
chromium-86.0.4240.111-1.el8
perl-HTML-Lint-2.32-7.el8
perl-HTTP-Response-Encoding-0.06-32.el8
perl-Pod-Tests-1.20-6.el8
perl-WWW-Mechanize-1.97-1.el8.1
pngcheck-2.3.0-3.el8
python-nuheat-0.3.0-1.el8
wavemon-0.9.2-1.el8
Details about builds:
================================================================================
chromium-86.0.4240.111-1.el8 (FEDORA-EPEL-2020-5f50399d2e)
A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:
Update to Chromium 86. A few big things here: 1. Upstream has made hardware
accelerated video support (VAAPI) for Linux possible without patches. One key
difference is that the patchset used previously in Fedora enabled it by default
and upstream's approach disables it by default. To enable Hardware accelerated
video in chromium, open this link in chromium: chrome://flags/#enable-
accelerated-video-decode Be sure it is turned on. Note that not all GPUs are
supported. 2. All the security fixes you expect with a major release:
CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970 CVE-2020-15971
CVE-2020-15972 CVE-2020-15990 CVE-2020-15991 CVE-2020-15973 CVE-2020-15974
CVE-2020-15975 CVE-2020-15976 CVE-2020-6557 CVE-2020-15977 CVE-2020-15978
CVE-2020-15979 CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983
CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987 CVE-2020-15992
CVE-2020-15988 CVE-2020-15989 CVE-2020-16000 CVE-2020-16001 CVE-2020-16002
CVE-2020-16003 3. The EPEL-7 build no longer requires minizip, because Red Hat
removed that package in RHEL 7.9. 4. Without bats acting as pollinators, agave
and cacao plants would struggle. That means that bats are responsible for
tequila and chocolate.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 21 2020 Tom Callaway <s...@fedoraproject.org> - 86.0.4240.111-1
- update to 86.0.4240.111
* Tue Oct 20 2020 Tom Callaway <s...@fedoraproject.org> - 86.0.4240.75-2
- use bundled zlib/minizip on el7 (thanks Red Hat. :P)
* Wed Oct 14 2020 Tom Callaway <s...@fedoraproject.org> - 86.0.4240.75-1
- update to 86.0.4240.75
* Mon Sep 28 2020 Tom Callaway <s...@fedoraproject.org> - 85.0.4183.121-2
- rebuild for libevent
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1885883 - CVE-2020-15967 chromium-browser: Use after free in
payments
https://bugzilla.redhat.com/show_bug.cgi?id=1885883
[ 2 ] Bug #1885884 - CVE-2020-15968 chromium-browser: Use after free in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1885884
[ 3 ] Bug #1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC
https://bugzilla.redhat.com/show_bug.cgi?id=1885885
[ 4 ] Bug #1885886 - CVE-2020-15970 chromium-browser: Use after free in NFC
https://bugzilla.redhat.com/show_bug.cgi?id=1885886
[ 5 ] Bug #1885887 - CVE-2020-15971 chromium-browser: Use after free in
printing
https://bugzilla.redhat.com/show_bug.cgi?id=1885887
[ 6 ] Bug #1885888 - CVE-2020-15972 chromium-browser: Use after free in audio
https://bugzilla.redhat.com/show_bug.cgi?id=1885888
[ 7 ] Bug #1885889 - CVE-2020-15990 chromium-browser: Use after free in
autofill
https://bugzilla.redhat.com/show_bug.cgi?id=1885889
[ 8 ] Bug #1885890 - CVE-2020-15991 chromium-browser: Use after free in
password manager
https://bugzilla.redhat.com/show_bug.cgi?id=1885890
[ 9 ] Bug #1885891 - CVE-2020-15973 chromium-browser: Insufficient policy
enforcement in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1885891
[ 10 ] Bug #1885892 - CVE-2020-15974 chromium-browser: Integer overflow in
Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1885892
[ 11 ] Bug #1885893 - CVE-2020-15975 chromium-browser: Integer overflow in
SwiftShader
https://bugzilla.redhat.com/show_bug.cgi?id=1885893
[ 12 ] Bug #1885894 - CVE-2020-15976 chromium-browser: Use after free in WebXR
https://bugzilla.redhat.com/show_bug.cgi?id=1885894
[ 13 ] Bug #1885896 - CVE-2020-6557 chromium-browser: Inappropriate
implementation in networking
https://bugzilla.redhat.com/show_bug.cgi?id=1885896
[ 14 ] Bug #1885897 - CVE-2020-15977 chromium-browser: Insufficient data
validation in dialogs
https://bugzilla.redhat.com/show_bug.cgi?id=1885897
[ 15 ] Bug #1885899 - CVE-2020-15978 chromium-browser: Insufficient data
validation in navigation
https://bugzilla.redhat.com/show_bug.cgi?id=1885899
[ 16 ] Bug #1885901 - CVE-2020-15979 chromium-browser: Inappropriate
implementation in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1885901
[ 17 ] Bug #1885902 - CVE-2020-15980 chromium-browser: Insufficient policy
enforcement in Intents
https://bugzilla.redhat.com/show_bug.cgi?id=1885902
[ 18 ] Bug #1885903 - CVE-2020-15981 chromium-browser: Out of bounds read in
audio
https://bugzilla.redhat.com/show_bug.cgi?id=1885903
[ 19 ] Bug #1885904 - CVE-2020-15982 chromium-browser: Side-channel
information leakage in cache
https://bugzilla.redhat.com/show_bug.cgi?id=1885904
[ 20 ] Bug #1885905 - CVE-2020-15983 chromium-browser: Insufficient data
validation in webUI
https://bugzilla.redhat.com/show_bug.cgi?id=1885905
[ 21 ] Bug #1885906 - CVE-2020-15984 chromium-browser: Insufficient policy
enforcement in Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1885906
[ 22 ] Bug #1885907 - CVE-2020-15985 chromium-browser: Inappropriate
implementation in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1885907
[ 23 ] Bug #1885908 - CVE-2020-15986 chromium-browser: Integer overflow in
media
https://bugzilla.redhat.com/show_bug.cgi?id=1885908
[ 24 ] Bug #1885909 - CVE-2020-15987 chromium-browser: Use after free in
WebRTC
https://bugzilla.redhat.com/show_bug.cgi?id=1885909
[ 25 ] Bug #1885910 - CVE-2020-15992 chromium-browser: Insufficient policy
enforcement in networking
https://bugzilla.redhat.com/show_bug.cgi?id=1885910
[ 26 ] Bug #1885911 - CVE-2020-15988 chromium-browser: Insufficient policy
enforcement in downloads
https://bugzilla.redhat.com/show_bug.cgi?id=1885911
[ 27 ] Bug #1885912 - CVE-2020-15989 chromium-browser: Uninitialized use in
PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1885912
[ 28 ] Bug #1890266 - CVE-2020-16000 chromium-browser: Inappropriate
implementation in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1890266
[ 29 ] Bug #1890267 - CVE-2020-16001 chromium-browser: Use after free in media
https://bugzilla.redhat.com/show_bug.cgi?id=1890267
[ 30 ] Bug #1890268 - CVE-2020-16002 chromium-browser: Use after free in
PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1890268
[ 31 ] Bug #1890269 - CVE-2020-16003 chromium-browser: Use after free in
printing
https://bugzilla.redhat.com/show_bug.cgi?id=1890269
--------------------------------------------------------------------------------
================================================================================
perl-HTML-Lint-2.32-7.el8 (FEDORA-EPEL-2020-2fa5d057e8)
HTML::Lint Perl module
--------------------------------------------------------------------------------
Update Information:
First EPEL 8 build.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1829981 - perl-HTML-Lint for EL8
https://bugzilla.redhat.com/show_bug.cgi?id=1829981
--------------------------------------------------------------------------------
================================================================================
perl-HTTP-Response-Encoding-0.06-32.el8 (FEDORA-EPEL-2020-afec362d3d)
HTTP::Response::Encoding Perl module
--------------------------------------------------------------------------------
Update Information:
First EPEL 8 build.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1829984 - perl-HTTP-Response-Encoding for EL8
https://bugzilla.redhat.com/show_bug.cgi?id=1829984
--------------------------------------------------------------------------------
================================================================================
perl-Pod-Tests-1.20-6.el8 (FEDORA-EPEL-2020-308192519b)
Extract embedded tests and code examples from POD
--------------------------------------------------------------------------------
Update Information:
First EPEL 8 build.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1829980 - perl-Pod-Tests for EL8
https://bugzilla.redhat.com/show_bug.cgi?id=1829980
--------------------------------------------------------------------------------
================================================================================
perl-WWW-Mechanize-1.97-1.el8.1 (FEDORA-EPEL-2020-2b1e3b5a9f)
Automates web page form & link interaction
--------------------------------------------------------------------------------
Update Information:
First EPEL 8 build
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1829982 - perl-WWW-Mechanize for EL8
https://bugzilla.redhat.com/show_bug.cgi?id=1829982
--------------------------------------------------------------------------------
================================================================================
pngcheck-2.3.0-3.el8 (FEDORA-EPEL-2020-a2aa2f31cd)
Verifies the integrity of PNG, JNG and MNG files
--------------------------------------------------------------------------------
Update Information:
Enable executable hardening (PIC/PIE) ---- Initial import (#1886858)
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
python-nuheat-0.3.0-1.el8 (FEDORA-EPEL-2020-68023958de)
Python library for NuHeat Signature radiant floor thermostats
--------------------------------------------------------------------------------
Update Information:
Initial package for Fedora
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
wavemon-0.9.2-1.el8 (FEDORA-EPEL-2020-7c7bf13049)
Ncurses-based monitoring application for wireless network devices
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release 0.9.2 (#1891272)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 28 2020 Fabian Affolter <m...@fabian-affolter.ch> - 0.9.2-1
- Update to latest upstream release 0.9.2 (#1891272)
* Wed Jul 29 2020 Fedora Release Engineering <rel...@fedoraproject.org> -
0.9.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Fri Jan 31 2020 Fedora Release Engineering <rel...@fedoraproject.org> -
0.9.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
