The following Fedora EPEL 9 Security updates need testing:
Age URL
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-e7551e4450
oath-toolkit-2.6.12-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
nextcloud-29.0.8-1.el9
python-irodsclient-2.2.0-1.el9
python-rpmautospec-0.7.3-1.el9
retsnoop-0.10.1-1.el9
rust-procs-0.14.6-1.el9
rust-pyo3-0.22.4-1.el9
rust-pyo3-build-config-0.22.4-1.el9
rust-pyo3-ffi-0.22.4-1.el9
rust-pyo3-macros-0.22.4-1.el9
rust-pyo3-macros-backend-0.22.4-1.el9
rust-termbg-0.5.2-1.el9
testcloud-0.11.3-1.el9
yarnpkg-1.22.22-5.el9
Details about builds:
================================================================================
nextcloud-29.0.8-1.el9 (FEDORA-EPEL-2024-67944dae45)
Private file sync and share server
--------------------------------------------------------------------------------
Update Information:
nextcloud 29.0.8 release RHBZ#2310687
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 15 2024 Andrew Bauer <[email protected]> - 29.0.8-1
- nextcloud 29.0.8 release RHBZ#2310687
* Thu Sep 5 2024 Andrew Bauer <[email protected]> - 29.0.6-2
- prevent accidental building on distros with old php's
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2310687 - nextcloud-30.0.1rc2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2310687
--------------------------------------------------------------------------------
================================================================================
python-irodsclient-2.2.0-1.el9 (FEDORA-EPEL-2024-a196c5d880)
A python API for iRODS
--------------------------------------------------------------------------------
Update Information:
v2.2.0 - 2024-10-14
Changed
Bump server compatibility to iRODS 4.3.3.
Limit maximum value for connection timeouts (#623).
Disable client redirection to resource, by default (#626, #627).
Fixed
Adjust use of imported symbols from module for testing.
Modify the correct object in session.clone() for ticket_applied attribute.
Correct ticket expire example in README.
Added
Attach server response to exception as server_msg attribute.
Add CAT_TICKET_USES_EXCEEDED to irods.exception module.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 15 2024 Benjamin A. Beasley <[email protected]> - 2.2.0-1
- Update to 2.2.0 (close RHBZ#2318580)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2318580 - python-irodsclient-2.2.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2318580
--------------------------------------------------------------------------------
================================================================================
python-rpmautospec-0.7.3-1.el9 (FEDORA-EPEL-2024-1e6fe14cb8)
Package and CLI tool to generate release fields and changelogs
--------------------------------------------------------------------------------
Update Information:
This update has the following improvements:
Reset global RPM state after every use.
Better error handling when using the CLI: issues concerning the handled files or
usage simply print an error message and suppress exception tracebacks.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 11 2024 Nils Philippsen <[email protected]> - 0.7.3-1
- Update to 0.7.3
* Fri Sep 20 2024 Yaakov Selkowitz <[email protected]> - 0.7.2-2
- Fix build without poetry
--------------------------------------------------------------------------------
================================================================================
retsnoop-0.10.1-1.el9 (FEDORA-EPEL-2024-9b02f2a86c)
A tool for investigating kernel error call stacks
--------------------------------------------------------------------------------
Update Information:
Update to 0.10.1; Fixes: RHBZ#2317860
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 14 2024 Davide Cavalca <[email protected]> - 0.10.1-1
- Update to 0.10.1; Fixes: RHBZ#2317860
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2317860 - retsnoop-0.10.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2317860
--------------------------------------------------------------------------------
================================================================================
rust-procs-0.14.6-1.el9 (FEDORA-EPEL-2024-3b7021e403)
Modern replacement for ps
--------------------------------------------------------------------------------
Update Information:
Update procs to version 0.14.6.
Update the termbg crate to version 0.5.2.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 15 2024 Fabio Valentini <[email protected]> - 0.14.6-1
- Update to version 0.14.6; Fixes RHBZ#2268356
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
0.14.4-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-pyo3-0.22.4-1.el9 (FEDORA-EPEL-2024-2bb96c1f9a)
Bindings to Python interpreter
--------------------------------------------------------------------------------
Update Information:
Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 15 2024 Fabio Valentini <[email protected]> - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318282
--------------------------------------------------------------------------------
================================================================================
rust-pyo3-build-config-0.22.4-1.el9 (FEDORA-EPEL-2024-2bb96c1f9a)
Build configuration for the PyO3 ecosystem
--------------------------------------------------------------------------------
Update Information:
Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 15 2024 Fabio Valentini <[email protected]> - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318281
--------------------------------------------------------------------------------
================================================================================
rust-pyo3-ffi-0.22.4-1.el9 (FEDORA-EPEL-2024-2bb96c1f9a)
Python-API bindings for the PyO3 ecosystem
--------------------------------------------------------------------------------
Update Information:
Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 15 2024 Fabio Valentini <[email protected]> - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318285
--------------------------------------------------------------------------------
================================================================================
rust-pyo3-macros-0.22.4-1.el9 (FEDORA-EPEL-2024-2bb96c1f9a)
Proc macros for PyO3 package
--------------------------------------------------------------------------------
Update Information:
Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 15 2024 Fabio Valentini <[email protected]> - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318283
--------------------------------------------------------------------------------
================================================================================
rust-pyo3-macros-backend-0.22.4-1.el9 (FEDORA-EPEL-2024-2bb96c1f9a)
Code generation for PyO3 package
--------------------------------------------------------------------------------
Update Information:
Update pyo3 to version 0.22.4.
This version addresses a potential use-after-free RUSTSEC-2024-0378.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 15 2024 Fabio Valentini <[email protected]> - 0.22.4-1
- Update to version 0.22.4; Fixes RHBZ#2318284
--------------------------------------------------------------------------------
================================================================================
rust-termbg-0.5.2-1.el9 (FEDORA-EPEL-2024-3b7021e403)
Terminal background color detection
--------------------------------------------------------------------------------
Update Information:
Update procs to version 0.14.6.
Update the termbg crate to version 0.5.2.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 15 2024 Fabio Valentini <[email protected]> - 0.5.2-1
- Update to version 0.5.2; Fixes RHBZ#2268196
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
0.4.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
testcloud-0.11.3-1.el9 (FEDORA-EPEL-2024-2ae182428b)
Tool for running cloud images locally
--------------------------------------------------------------------------------
Update Information:
Replace db in-place on DATA_DIR change
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 15 2024 František Zatloukal <[email protected]> - 0.11.3-1
- Release 0.11.3
--------------------------------------------------------------------------------
================================================================================
yarnpkg-1.22.22-5.el9 (FEDORA-EPEL-2024-78df19aaf3)
Fast, reliable, and secure dependency management.
--------------------------------------------------------------------------------
Update Information:
Sync with fedora package.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 15 2024 Sandro Mani <[email protected]> - 1.22.22-5
- Update bundled ws (CVE-2024-37890)
* Thu Oct 10 2024 Sandro Mani <[email protected]> - 1.22.22-4
- Update bundled elliptic (CVE-2024-48949)
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
1.22.22-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Jul 4 2024 Sandro Mani <[email protected]> - 1.22.22-2
- Backport patch for CVE-2024-4067
* Sat Mar 9 2024 Sandro Mani <[email protected]> - 1.22.22-1
- Update to 1.22.22
* Mon Feb 19 2024 Sandro Mani <[email protected]> - 1.22.21-2
- Backport patches for CVE-2022-37599, CVE-2023-26136, CVE-2023-46234
* Fri Feb 16 2024 Sandro Mani <[email protected]> - 1.22.21-1
- Update to 1.22.21
* Sat Jan 27 2024 Fedora Release Engineering <[email protected]> -
1.22.19-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jul 22 2023 Fedora Release Engineering <[email protected]> -
1.22.19-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed May 3 2023 Sandro Mani <[email protected]> - 1.22.19-6
- Rebuild (nodejs20)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2220677 - CVE-2023-26136 yarnpkg: tough-cookie: prototype
pollution in cookie memstore [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2220677
[ 2 ] Bug #2222512 - CVE-2022-25883 yarnpkg: nodejs-semver: Regular
expression denial of service [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2222512
[ 3 ] Bug #2246630 - CVE-2023-46234 yarnpkg: browserify-sign: upper bound
check issue in dsaVerify leads to a signature forgery attack [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2246630
[ 4 ] Bug #2280614 - CVE-2024-4068 yarnpkg: braces: fails to limit the number
of characters it can handle [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280614
[ 5 ] Bug #2280768 - CVE-2024-4067 yarnpkg: micromatch: vulnerable to Regular
Expression Denial of Service [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280768
[ 6 ] Bug #2290910 - CVE-2024-29041 yarnpkg: express: cause malformed URLs to
be evaluated [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2290910
[ 7 ] Bug #2303222 - CVE-2024-42461 yarnpkg: From NVD collector [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303222
[ 8 ] Bug #2303441 - CVE-2024-37890 yarnpkg: denial of service when handling
a request with many HTTP headers [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303441
[ 9 ] Bug #2303538 - CVE-2024-42460 yarnpkg: ECDSA signature malleability due
to missing checks [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303538
[ 10 ] Bug #2303782 - CVE-2024-42459 yarnpkg: From NVD collector [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2303782
[ 11 ] Bug #2317788 - CVE-2024-48949 yarnpkg: Missing Validation in
Elliptic's EDDSA Signature Verification [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2317788
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
