The following Fedora EPEL 7 Security updates need testing: Age URL 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-1b4c7ee66c knot-resolver-5.5.3-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
dropbear-2017.75-2.el7 fts-3.12.0-1.el7 rlwrap-0.45.2-2.el7
Details about builds:
================================================================================ dropbear-2017.75-2.el7 (FEDORA-EPEL-2022-f0317a13d8) Lightweight SSH server and client -------------------------------------------------------------------------------- Update Information:
- Backport fix for CVE-2018-15599, resolves rhbz#1623177 - Backport fix for CVE-2020-36254, resolves rhbz#1933067 -------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 28 2022 Carl George carl@george.computer - 2017.75-2 - Backport fix for CVE-2018-15599, resolves rhbz#1623177 - Backport fix for CVE-2020-36254, resolves rhbz#1933067 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1623177 - CVE-2018-15599 dropbear: User enumeration via malformed packets in authentication requests [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1623177 [ 2 ] Bug #1933067 - CVE-2020-36254 dropbear: mishandles the filename of . or an empty filename [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1933067 --------------------------------------------------------------------------------
================================================================================ fts-3.12.0-1.el7 (FEDORA-EPEL-2022-41b0d14048) File Transfer Service V3 -------------------------------------------------------------------------------- Update Information:
The FTS v3.12.0 release -------------------------------------------------------------------------------- ChangeLog:
* Tue Sep 27 2022 Mihai Patrascoiu mipatras@cern.ch - 3.12.0-1 - Upstream release v3.12.0 --------------------------------------------------------------------------------
================================================================================ rlwrap-0.45.2-2.el7 (FEDORA-EPEL-2022-04cccae3c4) Wrapper for GNU readline -------------------------------------------------------------------------------- Update Information:
Fixes the version handling in rlwrapfilter to work with x.y.z version numbers -------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 28 2022 Michel Alexandre Salim salimma@fedoraproject.org 0.45.2-2 - Fix version parsing in rlwrapfilter.py (rhbz#2091749) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2091749 - rlwrap built for F36 sets a version number with a minor version to the env RLWRAP_VERSION https://bugzilla.redhat.com/show_bug.cgi?id=2091749 --------------------------------------------------------------------------------