The following Fedora EPEL 8 Security updates need testing:
Age URL
13
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-ea252e0b24
tor-0.4.5.7-1.el8
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-eb1a7d918d
atasm-1.09-1.el8
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-9222415f70
exim-4.94-2.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
assimp-5.0.1-3.el8
bitstream-1.5-4.el8
chromium-89.0.4389.90-3.el8
dvblast-3.4-6.el8
kiwi-9.23.22-1.el8
Details about builds:
================================================================================
assimp-5.0.1-3.el8 (FEDORA-EPEL-2021-fd1b923c69)
Library to import various 3D model formats into applications
--------------------------------------------------------------------------------
Update Information:
Fix library install dir specification (rhbz#1943862). This should correct
errors with CMake packages building against assimp on 64-bit architectures.
---- Add an upstream patch to fix imported library locations, resolving issues
when finding assimp in CMake projects.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 29 2021 Rich Mattes <richmattes(a)gmail.com> - 5.0.1-3
- Fix library install dir specification (rhbz#1943862)
- Remove un-needed build dependency on ILUT
* Tue Mar 23 2021 Scott K Logan <logans(a)cottsay.net> - 5.0.1-2
- Add an upstream patch to fix imported library locations
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1943862 - Invalid ASSIMP_LIBRARY_DIRS reported from CMake
https://bugzilla.redhat.com/show_bug.cgi?id=1943862
--------------------------------------------------------------------------------
================================================================================
bitstream-1.5-4.el8 (FEDORA-EPEL-2021-3d5e67ff72)
Simpler access to binary structures such as specified by MPEG, DVB, IETF
--------------------------------------------------------------------------------
Update Information:
Introduce dvblast.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
chromium-89.0.4389.90-3.el8 (FEDORA-EPEL-2021-b26bce013a)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
Fix issue where chromium would crash upon accessing components/cast_*. Thanks to
Gentoo for the patch. It also fixes some security issues, because why not:
CVE-2021-21191 CVE-2021-21192 CVE-2021-21193
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 25 2021 Tom Callaway <spot(a)fedoraproject.org> - 89.0.4389.90-3
- apply upstream fix for newer system libva
* Wed Mar 24 2021 Tom Callaway <spot(a)fedoraproject.org> - 89.0.4389.90-2
- fix crashes with components/cast_*
* Thu Mar 18 2021 Tom Callaway <spot(a)fedoraproject.org> - 89.0.4389.90-1
- update to 89.0.4389.90
- disable auto-download of widevine binary only blob
* Mon Mar 15 2021 Tom Callaway <spot(a)fedoraproject.org> - 89.0.4389.82-2
- add support for futex_time64
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1939460 - CVE-2021-21191 chromium-browser: Use after free in WebRTC
https://bugzilla.redhat.com/show_bug.cgi?id=1939460
[ 2 ] Bug #1939461 - CVE-2021-21192 chromium-browser: Heap buffer overflow in tab
groups
https://bugzilla.redhat.com/show_bug.cgi?id=1939461
[ 3 ] Bug #1939462 - CVE-2021-21193 chromium-browser: Use after free in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1939462
--------------------------------------------------------------------------------
================================================================================
dvblast-3.4-6.el8 (FEDORA-EPEL-2021-3d5e67ff72)
Simple and powerful streaming application
--------------------------------------------------------------------------------
Update Information:
Introduce dvblast.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
kiwi-9.23.22-1.el8 (FEDORA-EPEL-2021-fa909bb47f)
Flexible operating system image builder
--------------------------------------------------------------------------------
Update Information:
Update to 9.23.22 to fix `yum` redirecting to `dnf` properly in image
descriptions.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 29 2021 Neal Gompa <ngompa13(a)gmail.com> - 9.23.22-1
- Update to 9.23.22 (RH#1941503)
* Wed Mar 17 2021 Neal Gompa <ngompa13(a)gmail.com> - 9.23.20-3
- Update kiwi-schema provides to match the current schema version
- Sync systemdeps dependencies from upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1941503 - kiwi-9.23.22 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1941503
--------------------------------------------------------------------------------