The following Fedora EPEL 9 Security updates need testing:
Age URL
22 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-c5986b2cf1
iaito-5.9.6-1.el9 radare2-5.9.6-1.el9
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-97fdc539e2
cobbler-3.3.7-1.el9
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-1fa5fbde17
cobbler3.2-3.2.3-2.el9
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-7ac44bd3cc
python-aiohttp-3.9.5-2.el9
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-3672733748
rust-rustls-0.23.17-1.el9 rust-zlib-rs-0.4.0-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
chromium-131.0.6778.85-1.el9
devscripts-2.24.3-2.el9
fast_float-3.11.0-4.el9
fedora-license-data-1.62-1.el9
onedrive-2.5.3-2.el9
perl-Git-Wrapper-0.048-21.el9
rust-fundu-core-0.3.0-5.el9
rust-nu-0.99.1-5.el9
rust-nu-cli-0.99.1-2.el9
rust-nu-command-0.99.1-2.el9
rust-nu-parser-0.99.1-2.el9
rust-nu-protocol-0.99.1-2.el9
rust-onefetch-2.22.0-5.el9
rust-reedline-0.37.0-2.el9
rust-time-0.3.36-2.el9
rust-uu_tail-0.0.27-2.el9
rust-zoxide-0.9.4-3.el9
tmt-1.39.0-1.el9
wordpress-6.7.1-1.el9
Details about builds:
================================================================================
chromium-131.0.6778.85-1.el9 (FEDORA-EPEL-2024-7a7d342b23)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
Update to 131.0.6778.85
* High CVE-2024-11395: Type Confusion in V8
* High CVE-2024-11110: Inappropriate implementation in Blink
* Medium CVE-2024-11111: Inappropriate implementation in Autofill
* Medium CVE-2024-11112: Use after free in Media
* Medium CVE-2024-11113: Use after free in Accessibility
* Medium CVE-2024-11114: Inappropriate implementation in Views
* Medium CVE-2024-11115: Insufficient policy enforcement in Navigation
* Medium CVE-2024-11116: Inappropriate implementation in Paint
* Low CVE-2024-11117: Inappropriate implementation in FileSystem
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 20 2024 Than Ngo <[email protected]> - 131.0.6778.85-1
- Update to 131.0.6778.85
* High CVE-2024-11395: Type Confusion in V8
* Tue Nov 12 2024 Than Ngo <[email protected]> - 131.0.6778.69-1
- Update to 131.0.6778.69
* High CVE-2024-11110: Inappropriate implementation in Blink
* Medium CVE-2024-11111: Inappropriate implementation in Autofill
* Medium CVE-2024-11112: Use after free in Media
* Medium CVE-2024-11113: Use after free in Accessibility
* Medium CVE-2024-11114: Inappropriate implementation in Views
* Medium CVE-2024-11115: Insufficient policy enforcement in Navigation
* Medium CVE-2024-11116: Inappropriate implementation in Paint
* Low CVE-2024-11117: Inappropriate implementation in FileSystem
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2325761 - CVE-2024-11110 chromium: Inappropriate implementation in
Extensions [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2325761
[ 2 ] Bug #2325762 - CVE-2024-11110 chromium: Inappropriate implementation in
Extensions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2325762
[ 3 ] Bug #2325763 - CVE-2024-11111 chromium: Inappropriate implementation in
Autofill [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2325763
[ 4 ] Bug #2325764 - CVE-2024-11111 chromium: Inappropriate implementation in
Autofill [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2325764
[ 5 ] Bug #2325765 - CVE-2024-11113 chromium: Use after free in Accessibility
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2325765
[ 6 ] Bug #2325766 - CVE-2024-11113 chromium: Use after free in Accessibility
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2325766
[ 7 ] Bug #2325767 - CVE-2024-11116 chromium: Inappropriate implementation in
Blink [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2325767
[ 8 ] Bug #2325768 - CVE-2024-11116 chromium: Inappropriate implementation in
Blink [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2325768
[ 9 ] Bug #2325769 - CVE-2024-11117 chromium: Inappropriate implementation in
FileSystem [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2325769
[ 10 ] Bug #2325770 - CVE-2024-11117 chromium: Inappropriate implementation
in FileSystem [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2325770
[ 11 ] Bug #2327554 - CVE-2024-11395 chromium: Type Confusion in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2327554
[ 12 ] Bug #2327555 - CVE-2024-11395 chromium: Type Confusion in V8
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2327555
--------------------------------------------------------------------------------
================================================================================
devscripts-2.24.3-2.el9 (FEDORA-EPEL-2024-e50868d99d)
Scripts for Debian Package maintainers
--------------------------------------------------------------------------------
Update Information:
add perl-Git-Wrapper to epel-9 to build devscripts
add devscripts
need also
perl-Parse-DebControl-2.005-32.el9
perl-File-DirList-0.05-12.el9
perl-Devel-CheckBin-0.04-23.el9
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 14 2024 Sérgio Basto <[email protected]> - 2.24.3-2
- Change homepage URL to https://tracker.debian.org/pkg/devscripts
* Tue Nov 12 2024 Sérgio M. Basto <[email protected]> - 2.24.3-1
- Update to version 2.24.3
* Sun Nov 3 2024 Sandro Mani <[email protected]> - 2.24.2-1
- Update to 2.24.2
* Thu Sep 19 2024 Sandro Mani <[email protected]> - 2.24.1-1
- Update to 2.24.1
* Wed Jul 17 2024 Fedora Release Engineering <[email protected]> -
2.23.7-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jun 7 2024 Python Maint <[email protected]> - 2.23.7-4
- Rebuilt for Python 3.13
* Wed Jan 24 2024 Fedora Release Engineering <[email protected]> -
2.23.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <[email protected]> -
2.23.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Dec 13 2023 Sandro Mani <[email protected]> - 2.23.7-1
- Update to 2.23.7
* Wed Aug 23 2023 Sandro Mani <[email protected]> - 2.23.6-1
- Update to 2.23.6
* Wed Jul 19 2023 Fedora Release Engineering <[email protected]> -
2.23.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Fri Jun 16 2023 Python Maint <[email protected]> - 2.23.5-2
- Rebuilt for Python 3.12
* Thu Jun 15 2023 Sandro Mani <[email protected]> - 2.23.5-1
- Update to 2.23.5
* Tue Jun 13 2023 Python Maint <[email protected]> - 2.23.4-2
- Rebuilt for Python 3.12
* Wed Apr 5 2023 Sandro Mani <[email protected]> - 2.23.4-1
- Update to 2.23.4
* Sun Mar 19 2023 Sandro Mani <[email protected]> - 2.23.3-1
- Update to 2.23.3
* Mon Feb 20 2023 Sandro Mani <[email protected]> - 2.23.2-1
- Update to 2.23.2
* Sat Feb 11 2023 Sandro Mani <[email protected]> - 2.23.1-1
- Update to 2.23.1
* Sun Feb 5 2023 Sandro Mani <[email protected]> - 2.23.0-1
- Update to 2.23.0
* Thu Jan 19 2023 Fedora Release Engineering <[email protected]> -
2.22.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
fast_float-3.11.0-4.el9 (FEDORA-EPEL-2024-909eab6b6d)
Fast & exact implementation of C++ from_chars for float/double
--------------------------------------------------------------------------------
Update Information:
Do not run exhaustive tests by default
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 22 2024 Benjamin A. Beasley <[email protected]> - 3.11.0-4
- Do not run exhaustive tests by default
- We can always manually run scratch builds with them enabled, especially
after significant upstream changes.
* Fri Nov 22 2024 Benjamin A. Beasley <[email protected]> - 3.11.0-3
- Use new (rpm 4.17.1+) bcond style
* Fri Nov 22 2024 Benjamin A. Beasley <[email protected]> - 3.11.0-2
- Drop unnecessary manual dependency on cmake-filesystem
--------------------------------------------------------------------------------
================================================================================
fedora-license-data-1.62-1.el9 (FEDORA-EPEL-2024-f998fbb3c7)
Fedora Linux license data
--------------------------------------------------------------------------------
Update Information:
Automatic update for fedora-license-data-1.62-1.el9.
Changelog for fedora-license-data
* Fri Nov 22 2024 Miroslav Suchý <[email protected]> 1.62-1
- add Avasys public license as allowed-firmware
- add public domain dedication for python-hexdump
- add public domain dedication for allegro (loadpng addon)
- add LicenseRef-soundfont as not-allowed
- add broadcom firmware license
- Reclassify LicenseRef-qmail as allowed (deprecated)
- add GPL-2.0-only WITH CGAL-linking-exception
- add firmware licensing terms for atmel-firmware
- add wwl license
- add generic-xts license
- add LicenseRef-Mod-Archive as not-allowed
- add public domain dedication for perl-Math-Expression-Evaluator
- add public domain dedication for perl-MaxMind-DB-Reader-XS
- add public domain dedication for python-django-pdb
- add UltraPermissive dedication of package python-utmp
- add public domain dedication for re2c
- add public domain dedication for python-nine
- add public domain dedication for perl-Devel-Trace
- add LGPL-3.0-or-later WITH LGPL-3.0-linking-exception
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 22 2024 Miroslav Suchý <[email protected]> 1.62-1
- add Avasys public license as allowed-firmware
- add public domain dedication for python-hexdump
- add public domain dedication for allegro (loadpng addon)
- add LicenseRef-soundfont as not-allowed
- add broadcom firmware license
- Reclassify LicenseRef-qmail as allowed (deprecated)
- add GPL-2.0-only WITH CGAL-linking-exception
- add firmware licensing terms for atmel-firmware
- add wwl license
- add generic-xts license
- add LicenseRef-Mod-Archive as not-allowed
- add public domain dedication for perl-Math-Expression-Evaluator
- add public domain dedication for perl-MaxMind-DB-Reader-XS
- add public domain dedication for python-django-pdb
- add UltraPermissive dedication of package python-utmp
- add public domain dedication for re2c
- add public domain dedication for python-nine
- add public domain dedication for perl-Devel-Trace
- add LGPL-3.0-or-later WITH LGPL-3.0-linking-exception
--------------------------------------------------------------------------------
================================================================================
onedrive-2.5.3-2.el9 (FEDORA-EPEL-2024-28f13b2505)
OneDrive Free Client written in D
--------------------------------------------------------------------------------
Update Information:
Update to 2.5.3 (#2326647)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 22 2024 Zamir SUN <[email protected]> - 2.5.3-2
- Fix unable to parse SSL version
* Fri Nov 15 2024 Fedora Release Monitoring
<[email protected]> - 2.5.3-1
- Update to 2.5.3 (#2326647)
--------------------------------------------------------------------------------
================================================================================
perl-Git-Wrapper-0.048-21.el9 (FEDORA-EPEL-2024-e50868d99d)
Wrap git command-line interface for Perl
--------------------------------------------------------------------------------
Update Information:
add perl-Git-Wrapper to epel-9 to build devscripts
add devscripts
need also
perl-Parse-DebControl-2.005-32.el9
perl-File-DirList-0.05-12.el9
perl-Devel-CheckBin-0.04-23.el9
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 6 2024 Miroslav Suchý <[email protected]> - 0.048-21
- convert license to SPDX
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
0.048-20
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Jan 25 2024 Fedora Release Engineering <[email protected]> -
0.048-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <[email protected]> -
0.048-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 20 2023 Fedora Release Engineering <[email protected]> -
0.048-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Fri Jan 20 2023 Fedora Release Engineering <[email protected]> -
0.048-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-fundu-core-0.3.0-5.el9 (FEDORA-EPEL-2024-2d9e437f58)
Core driving the implementation of fundu
--------------------------------------------------------------------------------
Update Information:
Fix missing (# FIXME) License in nu, from source package rust-nu.
Adjust various packages to prepare for a future rust-rstest-0.23.0/rust-
rstest_reuse-0.7.0 update.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 15 2024 Benjamin A. Beasley <[email protected]> - 0.3.0-5
- Allow rstest_reuse 0.7.0
* Fri Nov 15 2024 Benjamin A. Beasley <[email protected]> - 0.3.0-4
- Allow rstest 0.23 (and later)
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
0.3.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
0.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-nu-0.99.1-5.el9 (FEDORA-EPEL-2024-2d9e437f58)
New type of shell
--------------------------------------------------------------------------------
Update Information:
Fix missing (# FIXME) License in nu, from source package rust-nu.
Adjust various packages to prepare for a future rust-rstest-0.23.0/rust-
rstest_reuse-0.7.0 update.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 20 2024 Benjamin A. Beasley <[email protected]> - 0.99.1-5
- Fix missing License expression
* Wed Nov 20 2024 Benjamin A. Beasley <[email protected]> - 0.99.1-4
- No longer downgrade serial_test dependency
* Wed Nov 20 2024 Benjamin A. Beasley <[email protected]> - 0.99.1-3
- Remove obsolete MSRV patch comment
* Wed Nov 20 2024 Benjamin A. Beasley <[email protected]> - 0.99.1-2
- Allow rstest 0.23
--------------------------------------------------------------------------------
================================================================================
rust-nu-cli-0.99.1-2.el9 (FEDORA-EPEL-2024-2d9e437f58)
CLI-related functionality for Nushell
--------------------------------------------------------------------------------
Update Information:
Fix missing (# FIXME) License in nu, from source package rust-nu.
Adjust various packages to prepare for a future rust-rstest-0.23.0/rust-
rstest_reuse-0.7.0 update.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 20 2024 Benjamin A. Beasley <[email protected]> - 0.99.1-2
- Allow rstest 0.23
--------------------------------------------------------------------------------
================================================================================
rust-nu-command-0.99.1-2.el9 (FEDORA-EPEL-2024-2d9e437f58)
Nushell's built-in commands
--------------------------------------------------------------------------------
Update Information:
Fix missing (# FIXME) License in nu, from source package rust-nu.
Adjust various packages to prepare for a future rust-rstest-0.23.0/rust-
rstest_reuse-0.7.0 update.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 22 2024 Benjamin A. Beasley <[email protected]> - 0.99.1-2
- Allow rstest 0.23
--------------------------------------------------------------------------------
================================================================================
rust-nu-parser-0.99.1-2.el9 (FEDORA-EPEL-2024-2d9e437f58)
Nushell's parser
--------------------------------------------------------------------------------
Update Information:
Fix missing (# FIXME) License in nu, from source package rust-nu.
Adjust various packages to prepare for a future rust-rstest-0.23.0/rust-
rstest_reuse-0.7.0 update.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 20 2024 Benjamin A. Beasley <[email protected]> - 0.99.1-2
- Allow rstest 0.23
--------------------------------------------------------------------------------
================================================================================
rust-nu-protocol-0.99.1-2.el9 (FEDORA-EPEL-2024-2d9e437f58)
Nushell's internal protocols, including its abstract syntax tree
--------------------------------------------------------------------------------
Update Information:
Fix missing (# FIXME) License in nu, from source package rust-nu.
Adjust various packages to prepare for a future rust-rstest-0.23.0/rust-
rstest_reuse-0.7.0 update.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 20 2024 Benjamin A. Beasley <[email protected]> - 0.99.1-2
- Allow rstest 0.23
--------------------------------------------------------------------------------
================================================================================
rust-onefetch-2.22.0-5.el9 (FEDORA-EPEL-2024-2d9e437f58)
Command-line Git information tool
--------------------------------------------------------------------------------
Update Information:
Fix missing (# FIXME) License in nu, from source package rust-nu.
Adjust various packages to prepare for a future rust-rstest-0.23.0/rust-
rstest_reuse-0.7.0 update.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 20 2024 Benjamin A. Beasley <[email protected]> - 2.22.0-5
- Allow rstest 0.23 (and stop allowing 0.18)
--------------------------------------------------------------------------------
================================================================================
rust-reedline-0.37.0-2.el9 (FEDORA-EPEL-2024-2d9e437f58)
Readline-like crate for CLI text input
--------------------------------------------------------------------------------
Update Information:
Fix missing (# FIXME) License in nu, from source package rust-nu.
Adjust various packages to prepare for a future rust-rstest-0.23.0/rust-
rstest_reuse-0.7.0 update.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 20 2024 Benjamin A. Beasley <[email protected]> - 0.37.0-2
- Allow rstest 0.23
--------------------------------------------------------------------------------
================================================================================
rust-time-0.3.36-2.el9 (FEDORA-EPEL-2024-2d9e437f58)
Date and time library
--------------------------------------------------------------------------------
Update Information:
Fix missing (# FIXME) License in nu, from source package rust-nu.
Adjust various packages to prepare for a future rust-rstest-0.23.0/rust-
rstest_reuse-0.7.0 update.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 22 2024 Benjamin A. Beasley <[email protected]> - 0.3.36-2
- Allow rstest 0.23 and rstest_reuse 0.7.0
--------------------------------------------------------------------------------
================================================================================
rust-uu_tail-0.0.27-2.el9 (FEDORA-EPEL-2024-2d9e437f58)
tail ~ (uutils) display the last lines of input
--------------------------------------------------------------------------------
Update Information:
Fix missing (# FIXME) License in nu, from source package rust-nu.
Adjust various packages to prepare for a future rust-rstest-0.23.0/rust-
rstest_reuse-0.7.0 update.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 20 2024 Benjamin A. Beasley <[email protected]> - 0.0.27-2
- Allow rstest 0.23; temporarily still allow 0.18
--------------------------------------------------------------------------------
================================================================================
rust-zoxide-0.9.4-3.el9 (FEDORA-EPEL-2024-2d9e437f58)
Smarter cd command for your terminal
--------------------------------------------------------------------------------
Update Information:
Fix missing (# FIXME) License in nu, from source package rust-nu.
Adjust various packages to prepare for a future rust-rstest-0.23.0/rust-
rstest_reuse-0.7.0 update.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 15 2024 Benjamin A. Beasley <[email protected]> - 0.9.4-3
- Allow rstest 0.23 and rstest_reuse 0.7
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
0.9.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
tmt-1.39.0-1.el9 (FEDORA-EPEL-2024-0108ef2c3d)
Test Management Tool
--------------------------------------------------------------------------------
Update Information:
Automatic update for tmt-1.39.0-1.el9.
Changelog for tmt
* Fri Nov 22 2024 Packit <[email protected]> - 1.39.0-1
- Update to version 1.39.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 22 2024 Packit <[email protected]> - 1.39.0-1
- Update to version 1.39.0
--------------------------------------------------------------------------------
================================================================================
wordpress-6.7.1-1.el9 (FEDORA-EPEL-2024-e934d6c9d9)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
Upstream announcement: WordPress 6.7.1 Maintenance Release
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 22 2024 Remi Collet <[email protected]> - 6.7.1-1
- WordPress 6.7.1 Maintenance Release
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
