The following Fedora EPEL 9 Security updates need testing:
Age URL
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-aafd7b2092
stb-0^20230129git5736b15-0.2.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
gnome-shell-extension-pop-shell-1.2.0^10.dcf17f3-1.el9
kbibtex-0.9.2-4.el9
python-makefun-1.14.0-1.el9
python-pyrate-limiter-2.9.1-1.el9
radare2-5.8.2-2.el9
Details about builds:
================================================================================
gnome-shell-extension-pop-shell-1.2.0^10.dcf17f3-1.el9 (FEDORA-EPEL-2023-555acad4ca)
GNOME Shell extension for advanced tiling window management
--------------------------------------------------------------------------------
Update Information:
Latest upstream snapshot.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 24 2023 Carl George <carl(a)george.computer> - 1.2.0^10.dcf17f3-1
- Update to upstream snapshot for GNOME 44 compatibility
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> -
1.2.0^9.886a069-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
kbibtex-0.9.2-4.el9 (FEDORA-EPEL-2023-a21050e6bb)
A BibTeX editor for KDE
--------------------------------------------------------------------------------
Update Information:
Build for EPEL 9
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 2 2021 Robin Lee <cheeselee(a)fedoraproject.org> - 0.9.2-4
- Fix requirement of devel subpackage (RHBZ#1919474)
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.2-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.2-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Sat Jun 20 2020 Marie Loise Nolden <loise(a)kde.org> - 0.9.2-1
- Update to 0.9.2
* Mon May 18 2020 Pete Walter <pwalter(a)fedoraproject.org> - 0.9-6
- Rebuild for ICU 67
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jan 17 2020 Marek Kasik <mkasik(a)redhat.com> - 0.9-4
- Rebuild for poppler-0.84.0
* Fri Nov 1 2019 Pete Walter <pwalter(a)fedoraproject.org> - 0.9-3
- Rebuild for ICU 65
* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Mon Jun 10 2019 Robin Lee <cheeselee(a)fedoraproject.org> - 0.9-1
- Update to 0.9
--------------------------------------------------------------------------------
================================================================================
python-makefun-1.14.0-1.el9 (FEDORA-EPEL-2023-6f76a83d7c)
Dynamically create python functions with a proper signature
--------------------------------------------------------------------------------
Update Information:
Build for EPEL9
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 22 2022 Zbigniew J��drzejewski-Szmek <zbyszek(a)in.waw.pl> - 1.14.0-1
- Version 1.14.0 (rhbz#2099882)
* Mon Jun 13 2022 Python Maint <python-maint(a)redhat.com> - 1.11.1-4
- Rebuilt for Python 3.11
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.11.1-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.11.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 4 2021 Python Maint <python-maint(a)redhat.com> - 1.6.11-6
- Rebuilt for Python 3.10
* Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.6.11-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.6.11-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2092139 - Please build python-makefun for EPEL9
https://bugzilla.redhat.com/show_bug.cgi?id=2092139
--------------------------------------------------------------------------------
================================================================================
python-pyrate-limiter-2.9.1-1.el9 (FEDORA-EPEL-2023-a41349a0b6)
The request rate limiter using Leaky-bucket algorithm
--------------------------------------------------------------------------------
Update Information:
Update to 2.9.1 ---- Update to 2.9.0
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 26 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 2.9.1-1
- Update to 2.9.1
* Tue Feb 21 2023 Steve Cossette <farchord(a)gmail.com> - 2.9.0-1
- Update to 2.9.0
--------------------------------------------------------------------------------
================================================================================
radare2-5.8.2-2.el9 (FEDORA-EPEL-2023-06f86f0ae3)
The reverse engineering framework
--------------------------------------------------------------------------------
Update Information:
fix sdb generation from messon ---- update to 5.8.2, fixes several CVE issues
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 26 2023 Michal Ambroz <rebus at, seznam.cz> 5.8.2-2
- cherrypick upstream patch for fixing the sdb generation from mesosn
* Wed Jan 25 2023 Michal Ambroz <rebus at, seznam.cz> 5.8.2-1
- bump to 5.8.2
- fix CVE-2023-0302 , CVE-2023-0302
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.7.8-1.1
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Tue Aug 2 2022 Michal Ambroz <rebus at, seznam.cz> 5.7.8-1
- bump to 5.7.8
* Tue Aug 2 2022 Michal Ambroz <rebus at, seznam.cz> 5.7.6-1
- bump to 5.7.6
- cherrypicked patch for new libmagic from upstream
- fix CVE-2022-34502
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.6.8-1.1
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Apr 21 2022 Henrik Nordstrom <henrik(a)henriknordstrom.net> - 5.6.8-1
- bump to 5.6.8
* Wed Apr 13 2022 Henrik Nordstrom <henrik(a)henriknordstrom.net> 5.6.6-2
- refresh list of bundled libraries and associated cleanup
* Tue Apr 12 2022 Henrik Nordstrom <henrik(a)henriknordstrom.net> 5.6.6-2
- Fixes for CVE-2022-1061 CVE-2022-1207 CVE-2022-1237 CVE-2022-1238
CVE-2022-1240 CVE-2022-1244 CVE-2022-1283 CVE-2022-1284 CVE-2022-1296
CVE-2022-1297
* Tue Apr 12 2022 Henrik Nordstrom <henrik(a)henriknordstrom.net> 5.6.6-1
- bump to 5.6.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2086386 - CVE-2022-1714 radare2: Heap-based Buffer Overflow 4 byte oob read
in msp430 disassembler [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2086386
[ 2 ] Bug #2089714 - CVE-2022-1809 radare2: use of uninitialized function pointer
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2089714
[ 3 ] Bug #2092820 - CVE-2021-44974 radare2: NULL pointer dereference when parsing
binary symbols in bin_symbols.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2092820
[ 4 ] Bug #2092822 - CVE-2021-44975 radare2: Buffer Overflow while parsing mach-o
executables via /libr/core/anal_objc.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2092822
[ 5 ] Bug #2092972 - CVE-2022-1899 radare2: out of bounds read in string_scan_range
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2092972
[ 6 ] Bug #2105005 - CVE-2022-1437 radare2: Heap-based Buffer Overflow in radare2 prior
to 5.7.0 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2105005
[ 7 ] Bug #2111326 - CVE-2022-34502 radare2: heap buffer overflow via the function
consume_encoded_name_new at format/wasm/wasm.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2111326
[ 8 ] Bug #2113988 - CVE-2022-34520 radare2: NULL pointer dereference [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2113988
[ 9 ] Bug #2152391 - CVE-2022-4398 radare2: dev-util/radare2: integer overflow
vulnerability [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2152391
[ 10 ] Bug #2170036 - syscall detection is broken
https://bugzilla.redhat.com/show_bug.cgi?id=2170036
--------------------------------------------------------------------------------