The following Fedora EPEL 9 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-c9409db037
audiofile-0.3.6-36.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
chromium-119.0.6045.159-2.el9
ndisc6-1.0.7-3.el9
packit-0.86.2-1.el9
python-specfile-0.25.0-1.el9
python3-rpm-4.16.1.3-25.1.el9
qbittorrent-4.6.0-1.el9
rb_libtorrent-2.0.9-3.el9
Details about builds:
================================================================================
chromium-119.0.6045.159-2.el9 (FEDORA-EPEL-2023-03f6b44faf)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
update to 119.0.6045.159, upstream security release - High CVE-2023-5997, use
after free in Garbage Collection - High CVE-2023-6112, use after free in
Navigation ---- update to 119.0.6045.123. Security fix for CVE-2023-5996
---- update to 119.0.6045.105. Security fixes: High CVE-2023-5480:
Inappropriate implementation in Payments. High CVE-2023-5482: Insufficient
data validation in USB. High CVE-2023-5849: Integer overflow in USB.
Medium CVE-2023-5850: Incorrect security UI in Downloads. Medium
CVE-2023-5851: Inappropriate implementation in Downloads. Medium
CVE-2023-5852: Use after free in Printing. Medium CVE-2023-5853: Incorrect
security UI in Downloads. Medium CVE-2023-5854: Use after free in Profiles.
Medium CVE-2023-5855: Use after free in Reading Mode. Medium CVE-2023-5856:
Use after free in Side Panel. Medium CVE-2023-5857: Inappropriate
implementation in Downloads. Low CVE-2023-5858: Inappropriate implementation
in WebApp Provider. Low CVE-2023-5859: Incorrect security UI in Picture In
Picture.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 19 2023 Than Ngo <t...@redhat.com> - 119.0.6045.159-2
- fix ffmpeg conflicts
* Wed Nov 15 2023 Than Ngo <t...@redhat.com> - 119.0.6045.159-1
- update to 119.0.6045.159, upstream security release
High CVE-2023-5997, use after free in Garbage Collection
High CVE-2023-6112, use after free in Navigation
- add Requires/Conflicts for ABI break in fmpeg-free 6.0.1
- drop first_dts patch, reintroduce first_dts patch in ffmpeg-free-6.0.1
- fixed python3 syntaxWarning: invalid escape sequenc
- skip clang's patches for epel8 that now gets clang-16 update
* Mon Nov 13 2023 Than Ngo <t...@redhat.com> - 119.0.6045.123-2
- fixed bz#2240127, Some h.264 mp4s do not play
* Wed Nov 8 2023 Than Ngo <t...@redhat.com> - 119.0.6045.123-1
- update to 119.0.6045.123, include following security fixes:
high CVE-2023-5996: Use after free in WebAudio
* Tue Nov 7 2023 Than Ngo <t...@redhat.com> - 119.0.6045.105-2
- enable debuginfo
* Wed Nov 1 2023 Than Ngo <t...@redhat.com> - 119.0.6045.105-1
- update to 119.0.6045.105
* Fri Oct 27 2023 Than Ngo <t...@redhat.com> - 119.0.6045.59-1
- update 119.0.6045.59
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2247403 - CVE-2023-5480 chromium: chromium-browser: Inappropriate
implementation in Payments [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247403
[ 2 ] Bug #2247404 - CVE-2023-5480 chromium: chromium-browser: Inappropriate
implementation in Payments [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247404
[ 3 ] Bug #2247405 - CVE-2023-5482 chromium: chromium-browser: Insufficient
data validation in USB [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247405
[ 4 ] Bug #2247406 - CVE-2023-5482 chromium: chromium-browser: Insufficient
data validation in USB [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247406
[ 5 ] Bug #2247408 - CVE-2023-5849 chromium: chromium-browser: Integer
overflow in USB [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247408
[ 6 ] Bug #2247409 - CVE-2023-5849 chromium: chromium-browser: Integer
overflow in USB [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247409
[ 7 ] Bug #2247410 - CVE-2023-5850 chromium: chromium-browser: Incorrect
security UI in Downloads [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247410
[ 8 ] Bug #2247411 - CVE-2023-5850 chromium: chromium-browser: Incorrect
security UI in Downloads [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247411
[ 9 ] Bug #2247412 - CVE-2023-5851 chromium: chromium-browser: Inappropriate
implementation in Downloads [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247412
[ 10 ] Bug #2247413 - CVE-2023-5851 chromium: chromium-browser: Inappropriate
implementation in Downloads [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247413
[ 11 ] Bug #2247414 - CVE-2023-5852 chromium: chromium-browser: Use after
free in Printing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247414
[ 12 ] Bug #2247415 - CVE-2023-5852 chromium: chromium-browser: Use after
free in Printing [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247415
[ 13 ] Bug #2247416 - CVE-2023-5853 chromium: chromium-browser: Incorrect
security UI in Downloads [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247416
[ 14 ] Bug #2247417 - CVE-2023-5853 chromium: chromium-browser: Incorrect
security UI in Downloads [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247417
[ 15 ] Bug #2247418 - CVE-2023-5854 chromium: chromium-browser: Use after
free in Profiles [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247418
[ 16 ] Bug #2247419 - CVE-2023-5855 chromium: chromium-browser: Use after
free in Reading Mode [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247419
[ 17 ] Bug #2247420 - CVE-2023-5854 chromium: chromium-browser: Use after
free in Profiles [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247420
[ 18 ] Bug #2247421 - CVE-2023-5855 chromium: chromium-browser: Use after
free in Reading Mode [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247421
[ 19 ] Bug #2247422 - CVE-2023-5856 chromium: chromium-browser: Use after
free in Side Panel [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247422
[ 20 ] Bug #2247423 - CVE-2023-5856 chromium: chromium-browser: Use after
free in Side Panel [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247423
[ 21 ] Bug #2247424 - CVE-2023-5858 chromium: chromium-browser: Inappropriate
implementation in WebApp Provider [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247424
[ 22 ] Bug #2247425 - CVE-2023-5859 chromium: chromium-browser: Incorrect
security UI in Picture In Picture [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247425
[ 23 ] Bug #2247426 - CVE-2023-5858 chromium: chromium-browser: Inappropriate
implementation in WebApp Provider [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247426
[ 24 ] Bug #2247429 - CVE-2023-5857 chromium: chromium-browser: Inappropriate
implementation in Downloads [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247429
[ 25 ] Bug #2247430 - CVE-2023-5857 chromium: chromium-browser: Inappropriate
implementation in Downloads [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2247430
--------------------------------------------------------------------------------
================================================================================
ndisc6-1.0.7-3.el9 (FEDORA-EPEL-2023-48b890eb85)
IPv6 diagnostic tools
--------------------------------------------------------------------------------
Update Information:
EPEL9 build of ndisc6.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 20 2023 Dominik Mierzejewski <domi...@greysector.net> - 1.0.7-3
- Switch to HTTPS URLs
- Enable tarball signature verification
- Drop unused patch
- Sort file list alphabetically
- Use SPDX identifiers in License: field
* Thu Jul 20 2023 Fedora Release Engineering <rel...@fedoraproject.org> -
1.0.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jun 6 2023 Michele Baldessari <mich...@acksyn.org> - 1.0.7-1
- New upstream
* Thu Jan 19 2023 Fedora Release Engineering <rel...@fedoraproject.org> -
1.0.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Tue Aug 16 2022 Michele Baldessari <mich...@acksyn.org> - 1.0.6-1
- New upstream
* Fri Jul 22 2022 Fedora Release Engineering <rel...@fedoraproject.org> -
1.0.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Feb 25 2022 Michele Baldessari <mich...@acksyn.org> - 1.0.5-1
- New upstream
* Thu Jan 20 2022 Fedora Release Engineering <rel...@fedoraproject.org> -
1.0.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2097191 - [EPEL9] Please branch and build ndisc6 in epel9
https://bugzilla.redhat.com/show_bug.cgi?id=2097191
--------------------------------------------------------------------------------
================================================================================
packit-0.86.2-1.el9 (FEDORA-EPEL-2023-9ecc80d1d9)
A tool for integrating upstream projects with Fedora operating system
--------------------------------------------------------------------------------
Update Information:
Automatic update for packit-0.86.2-1.el9. ##### **Changelog for packit** ``` *
Mon Nov 20 2023 Packit <he...@packit.dev> - 0.86.2-1 - Packit _0.86.1_ was not
released on PyPI due to an internal bug, it should be fixed in this release. -
Resolves rhbz#2247071 ```
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 20 2023 Packit <he...@packit.dev> - 0.86.2-1
- Packit _0.86.1_ was not released on PyPI due to an internal bug, it should be
fixed in this release.
- Resolves rhbz#2247071
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2247071 - packit-0.86.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2247071
--------------------------------------------------------------------------------
================================================================================
python-specfile-0.25.0-1.el9 (FEDORA-EPEL-2023-1c8bddb66a)
A library for parsing and manipulating RPM spec files
--------------------------------------------------------------------------------
Update Information:
Automatic update for python-specfile-0.25.0-1.el9. ##### **Changelog for
python-specfile** ``` * Mon Nov 20 2023 Packit <he...@packit.dev> - 0.25.0-1 -
There is a new method, `Specfile.update_version()`, that allows updating spec
file version even if it is a pre-release. (#317) ```
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 20 2023 Packit <he...@packit.dev> - 0.25.0-1
- There is a new method, `Specfile.update_version()`, that allows updating spec
file version even if it is a pre-release. (#317)
--------------------------------------------------------------------------------
================================================================================
python3-rpm-4.16.1.3-25.1.el9 (FEDORA-EPEL-2023-19e6f88b9b)
Python 3.X packages with RPM bindings
--------------------------------------------------------------------------------
Update Information:
Sync with RHEL 9.3.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 30 2023 Florian Festi <ffe...@redhat.com> - 4.16.1.3-25
- Followup on #2166383
- Add compat scripts calling external find-debug, sepdebugcrcfix and debugedit
- Add %__find_debuginfo macro
* Thu May 4 2023 Florian Festi <ffe...@redhat.com> - 4.16.1.3-24
- Use external find-debug and debugedit (#2166383)
* Wed May 3 2023 Florian Festi <ffe...@redhat.com> - 4.16.1.3-23
- Don't error out on IMA signatures on files not supporting them
(#2157835, #2157836)
--------------------------------------------------------------------------------
================================================================================
qbittorrent-4.6.0-1.el9 (FEDORA-EPEL-2023-606db71e76)
A Bittorrent Client
--------------------------------------------------------------------------------
Update Information:
build for epel9
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 22 2023 Leigh Scott <leigh123li...@gmail.com> - 1:4.6.0-1
- Update to 4.6.0
* Fri Jul 21 2023 Fedora Release Engineering <rel...@fedoraproject.org> -
1:4.5.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Mon Jun 5 2023 Leigh Scott <leigh123li...@gmail.com> - 1:4.5.3-1
- Update to 4.5.3
* Sat Mar 4 2023 Leigh Scott <leigh123li...@gmail.com> - 1:4.5.2-1
- Update to 4.5.2
* Mon Feb 13 2023 Leigh Scott <leigh123li...@gmail.com> - 1:4.5.1-1
- Update to 4.5.1
* Fri Jan 20 2023 Fedora Release Engineering <rel...@fedoraproject.org> -
1:4.5.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Nov 28 2022 Leigh Scott <leigh123li...@gmail.com> - 1:4.5.0-1
- Update to 4.5.0
- Use qt5 for f36+ due to broken qt6-qtbase-devel
* Tue Nov 1 2022 Leigh Scott <leigh123li...@gmail.com> - 1:4.4.5-1
- Update to 4.4.5
* Wed Aug 24 2022 Leigh Scott <leigh123li...@gmail.com> - 1:4.4.4-2
- Fix magnet tracker issue
* Wed Aug 24 2022 Leigh Scott <leigh123li...@gmail.com> - 1:4.4.4-1
- Update to 4.4.4
* Fri Jul 22 2022 Fedora Release Engineering <rel...@fedoraproject.org> -
1:4.4.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed May 25 2022 Leigh Scott <leigh123li...@gmail.com> - 1:4.4.3.1-1
- Update to 4.4.3.1
* Tue May 24 2022 Leigh Scott <leigh123li...@gmail.com> - 1:4.4.3-1
- Update to 4.4.3
* Sun Apr 24 2022 Leigh Scott <leigh123li...@gmail.com> - 1:4.4.2-2
- Add qtsvg requires
* Fri Mar 25 2022 Leigh Scott <leigh123li...@gmail.com> - 1:4.4.2-1
- Update to 4.4.2
* Thu Feb 17 2022 Leigh Scott <leigh123li...@gmail.com> - 1:4.4.1-1
- Update to 4.4.1
* Fri Jan 21 2022 Fedora Release Engineering <rel...@fedoraproject.org> -
1:4.4.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Mon Jan 10 2022 Leigh Scott <leigh123li...@gmail.com> - 1:4.4.0-2
- Use QT6 for F36 build
* Fri Jan 7 2022 Leigh Scott <leigh123li...@gmail.com> - 1:4.4.0-1
- Update to 4.4.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2172281 - Please branch and build qbittorrent in epel9
https://bugzilla.redhat.com/show_bug.cgi?id=2172281
--------------------------------------------------------------------------------
================================================================================
rb_libtorrent-2.0.9-3.el9 (FEDORA-EPEL-2023-b94d3c178d)
A C++ BitTorrent library aiming to be the best alternative
--------------------------------------------------------------------------------
Update Information:
update to 2.0.9
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 21 2023 Fedora Release Engineering <rel...@fedoraproject.org> -
2.0.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jun 15 2023 Python Maint <python-ma...@redhat.com> - 2.0.9-2
- Rebuilt for Python 3.12
* Fri May 26 2023 Leigh Scott <leigh123li...@gmail.com> - 2.0.9-1
- Upgrade to 2.0.9
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
