[EPEL-devel] Fedora EPEL 7 updates-testing report

updates Wed, 11 Oct 2023 19:31:29 -0700

The following Fedora EPEL 7 Security updates need testing:
 Age  URL
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-36e0ca3184   
netatalk-3.1.18-1.el7
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-0d68b0d3aa   
chromium-117.0.5938.149-1.el7



The following builds have been pushed to Fedora EPEL 7 updates-testing

    apptainer-1.2.4-1.el7
    libcue-2.2.1-13.el7
    stb-0-0.27.20231009gitc4bbb6e.el7
    trafficserver-9.2.3-1.el7

Details about builds:


================================================================================
 apptainer-1.2.4-1.el7 (FEDORA-EPEL-2023-9351dc66e0)
 Application and environment virtualization formerly known as Singularity
--------------------------------------------------------------------------------
Update Information:

Update to upstream 1.2.4
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 11 2023 Dave Dykstra <d...@fnal.gov> - 1.2.4
- Update to upstream 1.2.4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2243304 - apptainer-1.2.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2243304
--------------------------------------------------------------------------------


================================================================================
 libcue-2.2.1-13.el7 (FEDORA-EPEL-2023-b5d558ab14)
 Cue sheet parser library
--------------------------------------------------------------------------------
Update Information:

This update backports the fix for a serious security issue that could cause
arbitrary code execution, tracked as CVE-2023-43641. See [this write-up by Kevin
Backhouse](https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-
gnome-cve-2023-43641/) for details. Thanks to Kevin for discovering the issue
and writing the fix.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 10 2023 Adam Williamson <awill...@redhat.com> - 2.2.1-13
- Fix CVE-2023-43641 (Kevin Backhouse)
* Thu Jul 20 2023 Fedora Release Engineering <rel...@fedoraproject.org> - 
2.2.1-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering <rel...@fedoraproject.org> - 
2.2.1-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jul 21 2022 Fedora Release Engineering <rel...@fedoraproject.org> - 
2.2.1-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <rel...@fedoraproject.org> - 
2.2.1-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <rel...@fedoraproject.org> - 
2.2.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <rel...@fedoraproject.org> - 
2.2.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Aug  4 2020 Robert Scheck <rob...@fedoraproject.org> - 2.2.1-6
- Work around CMake out-of-source builds on all branches (#1863986)
* Tue Jul 28 2020 Fedora Release Engineering <rel...@fedoraproject.org> - 
2.2.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 13 2020 Tom Stellard <tstel...@redhat.com> - 2.2.1-4
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Wed Jan 29 2020 Fedora Release Engineering <rel...@fedoraproject.org> - 
2.2.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jul 25 2019 Fedora Release Engineering <rel...@fedoraproject.org> - 
2.2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2243168 - CVE-2023-43641 libcue: a out-of-bounds array access 
leads to RCE [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2243168
--------------------------------------------------------------------------------


================================================================================
 stb-0-0.27.20231009gitc4bbb6e.el7 (FEDORA-EPEL-2023-c43dcce45f)
 Single-file public domain libraries for C/C++
--------------------------------------------------------------------------------
Update Information:

A new parallel-installable stb_image_resize2 library is added
(stb_image_resize2-devel). It should provide significantly better performance;
the API is similar but not compatible. The original stb_image_resize library is
deprecated by the author, but will continue to be packaged as stb_image_resize-
devel for the foreseeable future.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 10 2023 Benjamin A. Beasley <c...@musicinmybrain.net> - 
0-0.27.20231009gitc4bbb6e
- Update to 0^20231009gitc4bbb6e
- A new stb_image_resize2 library is introduced
- Upstream has deprecated stb_image_resize, but we still package it
--------------------------------------------------------------------------------


================================================================================
 trafficserver-9.2.3-1.el7 (FEDORA-EPEL-2023-d499e96867)
 Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server
--------------------------------------------------------------------------------
Update Information:

Update to upstream 9.2.3 Resolves CVE-2023-44487, CVE-2023-41752, CVE-2023-39456
----  Use OpenSSL 1.1.x from EPEL on EL7 to enable TLSv1.3 and enable Chrome
117+ workaround
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 11 2023 Jered Floyd <je...@redhat.com> 9.2.3-1
- Update to upstream 9.2.3
- Resolves CVE-2023-44487, CVE-2023-41752, CVE-2023-39456
* Wed Oct  4 2023 Jered Floyd <je...@redhat.com> 9.2.2-2
- Use OpenSSL 1.1.x from EPEL on RHEL 7 to fix Chrome 117+ bugs
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2242988 - trafficserver-9.2.3-rc0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2242988
  [ 2 ] Bug #2243251 - [Major Incident] CVE-2023-44487 trafficserver: HTTP/2: 
Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid 
Reset Attack) [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2243251
  [ 3 ] Bug #2243252 - [Major Incident] CVE-2023-44487 trafficserver: HTTP/2: 
Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid 
Reset Attack) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2243252
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[EPEL-devel] Fedora EPEL 7 updates-testing report

Reply via email to