The following Fedora EPEL 9 Security updates need testing:
Age URL
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-d7b2e42215
suricata-6.0.9-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
collectd-5.12.0-24.el9
composer-2.5.0-1.el9
kde-connect-22.04.1-3.el9
nut-2.8.0-3.el9
python-chameleon-3.10.2-1.el9
python-doxypypy-0.8.8.6-1.el9
qt6-qttools-6.3.1-3.el9
rdiff-backup-2.2.0-2.el9
rust-anyhow-1.0.68-1.el9
rust-automod-1.0.6-1.el9
rust-bitmaps-2.1.0-9.el9
rust-proc-macro2-1.0.49-1.el9
rust-proptest-derive-0.3.0-1.el9
rust-quote-1.0.23-1.el9
rust-rustversion-1.0.11-1.el9
rust-semver-1.0.16-1.el9
rust-serde_json-1.0.91-1.el9
rust-syn-1.0.107-1.el9
rust-trybuild-1.0.73-1.el9
rust-unicode-ident-1.0.6-1.el9
signify-31-1.el9
tio-2.5-1.el9
trafficserver-9.1.4-1.el9
umr-1.0.5-1.el9
Details about builds:
================================================================================
collectd-5.12.0-24.el9 (FEDORA-EPEL-2022-5beb9ee3a0)
Statistics collection daemon for filling RRD files
--------------------------------------------------------------------------------
Update Information:
nut updated to 2.8.0
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 20 2022 Michal Hlavinka <mhlavink(a)redhat.com> - 5.12.0-24
- rebuild for updated nut
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1774591 - Needs the tty group
https://bugzilla.redhat.com/show_bug.cgi?id=1774591
[ 2 ] Bug #2024651 - /usr/lib/tmpfiles.d/nut-client.conf specifies /var/run/nut instead
of /run/nut
https://bugzilla.redhat.com/show_bug.cgi?id=2024651
--------------------------------------------------------------------------------
================================================================================
composer-2.5.0-1.el9 (FEDORA-EPEL-2022-a92f865c05)
Dependency Manager for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 2.5.0** - 2022-12-20 * BC Warning: To prevent abuse of our
includeFile() function it is now gone, it was not part of the official API but
may still cause issues if some code incorrectly relied on it (#11015) *
Improved version guessing of `require` command to use the dependency resolution
result instead of using the latest available version (except if you run with
--no-update) (#11160) * Improved version selection in `archive` command
(#11230) * Added autocompletion of config option names in the `config` command
(#11130) * Added support for writing [custom commands as Command
classes](https://getcomposer.org/doc/articles/scripts.md#writing-custom-
commands) (#11151) * Added hard failure when installing from a lock file which
does not satisfy the composer.json requirements (#11195) * Added warning when
the outdated command rejects a new package due to unmet platform requirements
(#11113) * Added support for `bump` command to bump `>=x` to `>=installed-
version` (#11179) * Added `--download-only` flag to `install` command to only
download and prime the cache with the package archives (#11041) * Added
autoconfiguration of `github-domains`/`gitlab-domains` when GitHub/GitLab
credentials are configured for a custom domain (#11062) * Added hard failure
(throw) if COMPOSER_AUTH is present and malformed JSON (#11085) * Added
interactive prompt to `run-script` and `exec` commands if run without any
argument (#11157) * Added interactive prompt where to store credentials when a
project-local auth.json exists (#11188) * Fixed full disk warning to be shown
when less than 100MiB is available (#11190) * Fixed cache keys to allow `_` to
avoid conflicts between package names like `a-b` and `a_b` (#11229) * Fixed
docker compatibility by making paths more portable even if the project is
installed at `/` (#11169)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 20 2022 Remi Collet <remi(a)remirepo.net> - 2.5.0-1
- update to 2.5.0
--------------------------------------------------------------------------------
================================================================================
kde-connect-22.04.1-3.el9 (FEDORA-EPEL-2022-1818b8ac59)
KDE Connect client for communication with smartphones
--------------------------------------------------------------------------------
Update Information:
Rebuild for updated pulseaudio-qt
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 20 2022 Troy Dawson <tdawson(a)redhat.com> - 22.04.1-3
- Rebuild for updated pulseaudio-qt
--------------------------------------------------------------------------------
================================================================================
nut-2.8.0-3.el9 (FEDORA-EPEL-2022-5beb9ee3a0)
Network UPS Tools
--------------------------------------------------------------------------------
Update Information:
nut updated to 2.8.0
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 12 2022 Michal Hlavinka <mhlavink(a)redhat.com> - 2.8.0-3
- apply missing patch
* Tue Dec 6 2022 Michal Hlavinka <mhlavink(a)redhat.com> - 2.8.0-2
- fix STATEPATH location and creation (#2024651)
- merged C99 related changes to configure from fedora
* Tue Sep 13 2022 Michal Hlavinka <mhlavink(a)redhat.com> - 2.8.0-1
- update to 2.8.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1774591 - Needs the tty group
https://bugzilla.redhat.com/show_bug.cgi?id=1774591
[ 2 ] Bug #2024651 - /usr/lib/tmpfiles.d/nut-client.conf specifies /var/run/nut instead
of /run/nut
https://bugzilla.redhat.com/show_bug.cgi?id=2024651
--------------------------------------------------------------------------------
================================================================================
python-chameleon-3.10.2-1.el9 (FEDORA-EPEL-2022-6620b68674)
XML-based template compiler
--------------------------------------------------------------------------------
Update Information:
New package.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 18 2022 J��n ONDREJ (SAL) <ondrejj(at)salstar.sk> - 3.10.2-1
- Update to upstream.
* Sun Sep 18 2022 Kevin Fenzi <kevin(a)scrye.com> - 3.10.1-1
- Update to 3.10.1. Fixes rhbz#2072607
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.9.1-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 13 2022 Python Maint <python-maint(a)redhat.com> - 3.9.1-5
- Rebuilt for Python 3.11
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.9.1-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.9.1-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 4 2021 Python Maint <python-maint(a)redhat.com> - 3.9.1-2
- Rebuilt for Python 3.10
* Sat May 22 2021 Kevin Fenzi <kevin(a)scrye.com> - 3.9.1-1
- Update to 3.9.1. Fixes rhbz#1960539
* Sun Feb 28 2021 Kevin Fenzi <kevin(a)scrye.com> - 3.9.0-1
- Update to 3.9.0. Fixes rhbz#1933237
* Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.8.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Thu Dec 31 2020 Kevin Fenzi <kevin(a)scrye.com> - 3.8.1-1
- Update to 3.8.1. Fixes rhbz#1848107
--------------------------------------------------------------------------------
================================================================================
python-doxypypy-0.8.8.6-1.el9 (FEDORA-EPEL-2022-cd02eaa7e0)
A more Pythonic version of doxypy, a Doxygen filter for Python
--------------------------------------------------------------------------------
Update Information:
``` * Mon Dec 19 2022 Onuralp SEZER <thunderbirdtr(a)fedoraproject.org> -
0.8.8.6-1 - Initial version of package ```
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 19 2022 Onuralp SEZER <thunderbirdtr(a)fedoraproject.org> - 0.8.8.6-1
- Initial version of package
--------------------------------------------------------------------------------
================================================================================
qt6-qttools-6.3.1-3.el9 (FEDORA-EPEL-2022-16bbeb31e2)
Qt6 - QtTool components
--------------------------------------------------------------------------------
Update Information:
Rebuild for updated clang
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 20 2022 Troy Dawson <tdawson(a)redhat.com> - 6.3.1-3
- Rebuild for updated clang
--------------------------------------------------------------------------------
================================================================================
rdiff-backup-2.2.0-2.el9 (FEDORA-EPEL-2022-24bff6e418)
Convenient and transparent local/remote incremental mirror/backup
--------------------------------------------------------------------------------
Update Information:
Happy Holidays release v2.2.0 - Fedora Release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 20 2022 Frank Crawford <frank(a)crawford.emu.id.au> - 2.2.0-2
- Happy Holidays release v2.2.0 - Fedora Release
* Sun Dec 18 2022 Frank Crawford <frank(a)crawford.emu.id.au> - 2.2.0-1
- Happy Holidays release v2.2.0 - COPR Release
* Mon Nov 21 2022 Frank Crawford <frank(a)crawford.emu.id.au> - 2.0.5-10
- SPDX license update
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.0.5-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 13 2022 Python Maint <python-maint(a)redhat.com> - 2.0.5-8
- Rebuilt for Python 3.11
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.0.5-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-anyhow-1.0.68-1.el9 (FEDORA-EPEL-2022-4e06b871cd)
Flexible concrete Error type built on std::error::Error
--------------------------------------------------------------------------------
Update Information:
Update to version 1.0.68.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 20 2022 Fabio Valentini <decathorpe(a)gmail.com> 1.0.68-1
- Update to version 1.0.68; Fixes RHBZ#2154553
--------------------------------------------------------------------------------
================================================================================
rust-automod-1.0.6-1.el9 (FEDORA-EPEL-2022-0c350d7aca)
Pull in every source file in a directory as a module
--------------------------------------------------------------------------------
Update Information:
Update to version 1.0.6.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 20 2022 Fabio Valentini <decathorpe(a)gmail.com> 1.0.6-1
- Update to version 1.0.6; Fixes RHBZ#2154556
--------------------------------------------------------------------------------
================================================================================
rust-bitmaps-2.1.0-9.el9 (FEDORA-EPEL-2022-b39fe03039)
Fixed size boolean arrays
--------------------------------------------------------------------------------
Update Information:
- Update the proptest-derive crate to version 0.3.0. - Adapt the bitmaps crate
to proptest 1.0 and proptest-derive 0.3.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 20 2022 Fabio Valentini <decathorpe(a)gmail.com> 2.1.0-9
- Bump to proptest 1.0 and proptest-derive 0.3
--------------------------------------------------------------------------------
================================================================================
rust-proc-macro2-1.0.49-1.el9 (FEDORA-EPEL-2022-968490946c)
Substitute implementation of the Rust compiler's proc_macro API
--------------------------------------------------------------------------------
Update Information:
Update to version 1.0.49.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 20 2022 Fabio Valentini <decathorpe(a)gmail.com> 1.0.49-1
- Update to version 1.0.49; Fixes RHBZ#2154589
--------------------------------------------------------------------------------
================================================================================
rust-proptest-derive-0.3.0-1.el9 (FEDORA-EPEL-2022-b39fe03039)
Custom-derive for the Arbitrary trait of proptest
--------------------------------------------------------------------------------
Update Information:
- Update the proptest-derive crate to version 0.3.0. - Adapt the bitmaps crate
to proptest 1.0 and proptest-derive 0.3.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 20 2022 Fabio Valentini <decathorpe(a)gmail.com> 0.3.0-1
- Update to version 0.3.0; Fixes RHBZ#1931160
--------------------------------------------------------------------------------
================================================================================
rust-quote-1.0.23-1.el9 (FEDORA-EPEL-2022-58262c2d4d)
Quasi-quoting macro quote!(...)
--------------------------------------------------------------------------------
Update Information:
Update to version 1.0.23.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 20 2022 Fabio Valentini <decathorpe(a)gmail.com> 1.0.23-1
- Update to version 1.0.23; Fixes RHBZ#2154590
--------------------------------------------------------------------------------
================================================================================
rust-rustversion-1.0.11-1.el9 (FEDORA-EPEL-2022-cca410b6d4)
Conditional compilation according to rustc compiler version
--------------------------------------------------------------------------------
Update Information:
Update to version 1.0.11.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 20 2022 Fabio Valentini <decathorpe(a)gmail.com> 1.0.11-1
- Update to version 1.0.11; Fixes RHBZ#2154593
--------------------------------------------------------------------------------
================================================================================
rust-semver-1.0.16-1.el9 (FEDORA-EPEL-2022-47fdb56e00)
Parser and evaluator for Cargo's flavor of Semantic Versioning
--------------------------------------------------------------------------------
Update Information:
Update to version 1.0.16.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 20 2022 Fabio Valentini <decathorpe(a)gmail.com> 1.0.16-1
- Update to version 1.0.16; Fixes RHBZ#2154595
--------------------------------------------------------------------------------
================================================================================
rust-serde_json-1.0.91-1.el9 (FEDORA-EPEL-2022-37c6e79b4f)
JSON serialization file format
--------------------------------------------------------------------------------
Update Information:
Update to version 1.0.91.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 20 2022 Fabio Valentini <decathorpe(a)gmail.com> 1.0.91-1
- Update to version 1.0.91; Fixes RHBZ#2154579
--------------------------------------------------------------------------------
================================================================================
rust-syn-1.0.107-1.el9 (FEDORA-EPEL-2022-5839c7bd86)
Parser for Rust source code
--------------------------------------------------------------------------------
Update Information:
Update to version 1.0.107.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 20 2022 Fabio Valentini <decathorpe(a)gmail.com> 1.0.107-1
- Update to version 1.0.107; Fixes RHBZ#2154583
--------------------------------------------------------------------------------
================================================================================
rust-trybuild-1.0.73-1.el9 (FEDORA-EPEL-2022-5823869d40)
Test harness for ui tests of compiler diagnostics
--------------------------------------------------------------------------------
Update Information:
Update to version 1.0.73.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 20 2022 Fabio Valentini <decathorpe(a)gmail.com> 1.0.73-1
- Update to version 1.0.73; Fixes RHBZ#2154601
--------------------------------------------------------------------------------
================================================================================
rust-unicode-ident-1.0.6-1.el9 (FEDORA-EPEL-2022-8b13b96505)
Determine whether characters have the XID_Start or XID_Continue properties
--------------------------------------------------------------------------------
Update Information:
Update to version 1.0.6.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 20 2022 Fabio Valentini <decathorpe(a)gmail.com> 1.0.6-1
- Update to version 1.0.6; Fixes RHBZ#2154602
--------------------------------------------------------------------------------
================================================================================
signify-31-1.el9 (FEDORA-EPEL-2022-aed57bf6e2)
Sign and verify signatures on files
--------------------------------------------------------------------------------
Update Information:
- Update to release v31
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 24 2022 Robert Scheck <robert(a)fedoraproject.org> - 31-1
- Update to release v31
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 30-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
tio-2.5-1.el9 (FEDORA-EPEL-2022-e1b723aa31)
Simple TTY terminal I/O application
--------------------------------------------------------------------------------
Update Information:
# tio v2.5 * Update configuration file documentation Rename `.tiorc` to
`.tioconfig`, `tiorc` to `config`, etc. * Add support for `$HOME/.tioconfig`
Replaces what used to be `$HOME/.tiorc * Fix double prefix key regression
* Better error checking in config file, rename the file Accept `true`,
`enable`, `on`, `yes`, `1` as true values, their counterparts as false ones.
Check integer values for errors and range. Warn about ignored (e.g. misspelled)
options. Check `getenv()` return value for `NULL`. Rename `tiorc` to
`config`, as it's a static INI file, not an executable "run commands".
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 20 2022 Robert Scheck <robert(a)fedoraproject.org> 2.5-1
- Upgrade to 2.5 (#2154614)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2154614 - tio-2.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2154614
--------------------------------------------------------------------------------
================================================================================
trafficserver-9.1.4-1.el9 (FEDORA-EPEL-2022-53c9c8c84a)
Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server
--------------------------------------------------------------------------------
Update Information:
Update to 9.1.4, resolves CVE-2022-32749, CVE-2022-37392, CVE-2022-40743
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 19 2022 Jered Floyd <jered(a)redhat.com> 9.1.4-1
- Update to 9.1.4, resolves CVE-2022-32749, CVE-2022-37392, CVE-2022-40743
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2154123 - trafficserver-9.1.4-rc0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2154123
[ 2 ] Bug #2154896 - CVE-2022-32749 trafficserver: server crash under certain conditions
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2154896
[ 3 ] Bug #2154897 - CVE-2022-32749 trafficserver: server crash under certain conditions
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2154897
[ 4 ] Bug #2154899 - CVE-2022-37392 trafficserver: ATS is vulnerable to smuggle, cache
poison, and DOS attacks [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2154899
[ 5 ] Bug #2154900 - CVE-2022-37392 trafficserver: ATS is vulnerable to smuggle, cache
poison, and DOS attacks [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2154900
[ 6 ] Bug #2154902 - CVE-2022-40743 trafficserver: Security issues with the xdebug
plugin [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2154902
[ 7 ] Bug #2154903 - CVE-2022-40743 trafficserver: Security issues with the xdebug
plugin [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2154903
--------------------------------------------------------------------------------
================================================================================
umr-1.0.5-1.el9 (FEDORA-EPEL-2022-5ac985608f)
AMDGPU Userspace Register Debugger
--------------------------------------------------------------------------------
Update Information:
New package for EPEL9
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 19 2022 Jeremy Newton <alexjnewt AT hotmail DOT com> - 1.0.5-1
- Update to 1.0.5
* Mon Sep 19 2022 Pete Walter <pwalter(a)fedoraproject.org> -
1.0-14.20220107git02f162c
- Rebuild for llvm 15
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> -
1.0-13.20220107git02f162c
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Sat Jan 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> -
1.0-12.20220107git02f162c
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Jan 12 2022 Jeremy Newton <alexjnewt AT hotmail DOT com> -
1.0-11.20220107git02f162c
- Update to newer git
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> -
1.0-10.20210115git8bf83ae
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jan 20 2021 Jeremy Newton <alexjnewt AT hotmail DOT com> -
1.0-9.20210115git8bf83ae
- Update to newer git
--------------------------------------------------------------------------------