The following Fedora EPEL 8 Security updates need testing:
Age URL
68 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-31d4c55df0
arm-none-eabi-binutils-cs-2.43-1.el8 arm-none-eabi-gcc-cs-12.4.0-1.el8
arm-none-eabi-newlib-4.4.0.20231231-1.el8
19 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-35583dfe8b
iaito-5.9.6-2.el8 radare2-5.9.6-2.el8
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-60dd7e7ad3
trafficserver-9.2.6-2.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
cobbler3.2-3.2.3-2.el8
copr-rpmbuild-1.1-1.el8
kobo-0.38.0-1.el8
onedrive-2.5.3-1.el8
python-aiohttp-3.7.4-7.el8
Details about builds:
================================================================================
cobbler3.2-3.2.3-2.el8 (FEDORA-EPEL-2024-375a09fd04)
Boot server configurator
--------------------------------------------------------------------------------
Update Information:
Update to 3.2.3 - CVE-2024-47533
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 19 2024 Orion Poplawski <[email protected]> - 3.2.3-2
- Add patch to fix internal version to 3.2.3
* Sun Nov 17 2024 Orion Poplawski <[email protected]> - 3.2.3-1
- Update to 3.2.3 (CVE-2024-47533)
* Fri May 31 2024 Robby Callicotte <[email protected]> - 3.2.2-16
- Added python3-django dependency version limit for cobbler-web
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2327075 - CVE-2024-47533 cobbler3.2: Cobbler allows anyone to
connect to cobbler XML-RPC server with a known password and make changes
[epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2327075
--------------------------------------------------------------------------------
================================================================================
copr-rpmbuild-1.1-1.el8 (FEDORA-EPEL-2024-5db9b1c6cc)
Run COPR build tasks
--------------------------------------------------------------------------------
Update Information:
Make_srpmbuild, set recursive safe.directory
Activate Red Hat subscription on demand
Drop six usage (this is a Python 3 only package)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 22 2024 Jakub Kadlcik <[email protected]> 1.1-1
- Make_srpmbuild, set recursive safe.directory
- Activate Red Hat subscription on demand
- Drop six usage (this is a Python 3 only package)
- Add tooling for "safer" RH subscription
--------------------------------------------------------------------------------
================================================================================
kobo-0.38.0-1.el8 (FEDORA-EPEL-2024-183aff4bca)
Python modules for tools development
--------------------------------------------------------------------------------
Update Information:
rebase to latest upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 19 2024 Kamil Dudka <[email protected]> - 0.38.0-1
- rebase to latest upstream release (rhbz#2327211)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2327211 - kobo-0.38.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2327211
--------------------------------------------------------------------------------
================================================================================
onedrive-2.5.3-1.el8 (FEDORA-EPEL-2024-f4ab45ff1d)
OneDrive Free Client written in D
--------------------------------------------------------------------------------
Update Information:
Update to 2.5.3 (#2326647)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 15 2024 Fedora Release Monitoring
<[email protected]> - 2.5.3-1
- Update to 2.5.3 (#2326647)
--------------------------------------------------------------------------------
================================================================================
python-aiohttp-3.7.4-7.el8 (FEDORA-EPEL-2024-bc19d8cc99)
Python HTTP client/server for asyncio
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2024-52304
Update License field to SPDX.
Build and install the C extensions. Based on the history of security fixes in
later releases, this may close some vulnerabilities and possibly open others,
as both the C and Python HTTP parsing implementations have had their own
distinct issues.
While this backports the fix for CVE-2024-52304, and the fix for CVE-2024-23334
was backported in a previous update, it is very likely that other unmitigated
issues exist in this old release. Unfortunately, updating to a later version in
EPEL8 is impractical at best.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 19 2024 Benjamin A. Beasley <[email protected]> - 3.7.4-7
- Security fix for CVE-2024-52304 (fixes RHBZ#2327151)
* Tue Nov 19 2024 Benjamin A. Beasley <[email protected]> - 3.7.4-6
- Update License to SPDX
* Tue Nov 19 2024 Benjamin A. Beasley <[email protected]> - 3.7.4-5
- Attempt and fail to Run the tests
* Tue Nov 19 2024 Benjamin A. Beasley <[email protected]> - 3.7.4-4
- Actually build the compiled extensions
- Stop disabling debug packages
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2327151 - CVE-2024-52304 python-aiohttp: aiohttp vulnerable to
request smuggling due to incorrect parsing of chunk extensions [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2327151
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
