[EPEL-devel] Fedora EPEL 7 updates-testing report

updates Fri, 24 Nov 2023 16:20:56 -0800

The following Fedora EPEL 7 Security updates need testing:
 Age  URL
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-7e5dc8aef7   
chromium-119.0.6045.159-1.el7



The following builds have been pushed to Fedora EPEL 7 updates-testing

    golang-1.20.10-3.el7
    php-smarty-gettext-1.7.0-2.el7

Details about builds:


================================================================================
 golang-1.20.10-3.el7 (FEDORA-EPEL-2023-1c906d04ee)
 The Go Programming Language
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-39320, CVE-2023-39318, CVE-2023-39321, CVE-2023-39322,
CVE-2023-39323
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 23 2023 Dave Dykstra <d...@fedoraproject.org> - 1.20.10-3
- Skip ppc64le_cgo_inline_plt test which is failing on el7.
* Thu Nov 23 2023 Dave Dykstra <d...@fedoraproject.org> - 1.20.10-2
- Rebuild to correct day of week on 1.19.13 changelog.
* Thu Nov 23 2023 Dave Dykstra <d...@fedoraproject.org> - 1.20.10-1
- Update to 1.20.10 by doing the equivalent changes done in RedHat ubi8.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2237775 - CVE-2023-39320 golang: cmd/go: go.mod toolchain 
directive allows arbitrary execution
        https://bugzilla.redhat.com/show_bug.cgi?id=2237775
  [ 2 ] Bug #2237776 - CVE-2023-39318 golang: html/template:  improper handling 
of HTML-like comments within script contexts
        https://bugzilla.redhat.com/show_bug.cgi?id=2237776
  [ 3 ] Bug #2237777 - CVE-2023-39321 golang: crypto/tls: panic when processing 
post-handshake message on QUIC connections
        https://bugzilla.redhat.com/show_bug.cgi?id=2237777
  [ 4 ] Bug #2237778 - CVE-2023-39322 golang: crypto/tls: lack of a limit on 
buffered post-handshake
        https://bugzilla.redhat.com/show_bug.cgi?id=2237778
  [ 5 ] Bug #2242544 - CVE-2023-39323 golang: cmd/go: line directives allows 
arbitrary execution during build
        https://bugzilla.redhat.com/show_bug.cgi?id=2242544
--------------------------------------------------------------------------------


================================================================================
 php-smarty-gettext-1.7.0-2.el7 (FEDORA-EPEL-2023-976baae7b3)
 Gettext support for Smarty
--------------------------------------------------------------------------------
Update Information:

First EPEL 7 build.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 16 2023 Xavier Bachelot <xav...@bachelot.org> - 1.7.0-2
- Provide autoloader
- Run test suite
* Mon Jul 17 2023 Xavier Bachelot <xav...@bachelot.org> - 1.7.0-1
- Initial package
--------------------------------------------------------------------------------

--
_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[EPEL-devel] Fedora EPEL 7 updates-testing report

Reply via email to