The following Fedora EPEL 9 Security updates need testing:
Age URL
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-c5aefc68ee
roundcubemail-1.5.4-1.el9
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-d573bf038f
plantuml-1.2023.11-2.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
chromium-117.0.5938.92-2.el9
gnome-shell-extension-caffeine-42-1.el9
rust-async-compression-0.4.3-1.el9
rust-deflate64-0.1.5-1.el9
rust-indicatif-0.17.7-1.el9
rust-md-5-0.10.6-1.el9
rust-rend-0.4.1-1.el9
rust-semver-1.0.19-1.el9
rust-temp-env-0.3.6-1.el9
rust-wild-2.2.0-1.el9
shdoc-1.2-1.el9
ubridge-0.9.18-9.el9
whichfont-1.0.9-1.el9
xpra-5.0.2-2.el9
Details about builds:
================================================================================
chromium-117.0.5938.92-2.el9 (FEDORA-EPEL-2023-09cc239fe3)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
Update to 117.0.5938.92. ---- update to 117.0.5938.88 ---- update to
117.0.5938.62. Fixes following security issues: CVE-2023-4900 CVE-2023-4901
CVE-2023-4902 CVE-2023-4903 CVE-2023-4904 CVE-2023-4905 CVE-2023-4906
CVE-2023-4907 CVE-2023-4908 CVE-2023-4909 ---- update to 116.0.5845.187. Fixes
following security issue: CVE-2023-4863 ---- update to 116.0.5845.179. Fixes
following security issues: CVE-2023-4427 CVE-2023-4428 CVE-2023-4429
CVE-2023-4430 CVE-2023-4431 CVE-2023-4572 CVE-2023-4761 CVE-2023-4762
CVE-2023-4763 CVE-2023-4764
--------------------------------------------------------------------------------
ChangeLog:
* Sat Sep 23 2023 Than Ngo <than(a)redhat.com> - 117.0.5938.92-2
- backport upstream patch to fix memory leak
* Fri Sep 22 2023 Than Ngo <than(a)redhat.com> - 117.0.5938.92-1
- update to 117.0.5938.92
* Sun Sep 17 2023 Than Ngo <than(a)redhat.com> - 117.0.5938.88-1
- update to 117.0.5938.88
* Wed Sep 13 2023 Than Ngo <than(a)redhat.com> - 117.0.5938.62-1
- update to 117.0.5938.62
* Tue Sep 12 2023 Than Ngo <than(a)redhat.com> - 116.0.5845.187-1
- update to 116.0.5845.187
* Fri Sep 8 2023 Than Ngo <than(a)redhat.com> - 116.0.5845.179-1
- update to 116.0.5845.179
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2234749 - CVE-2023-4427 CVE-2023-4428 CVE-2023-4429 CVE-2023-4430
CVE-2023-4431 chromium: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2234749
[ 2 ] Bug #2234750 - CVE-2023-4427 CVE-2023-4428 CVE-2023-4429 CVE-2023-4430
CVE-2023-4431 chromium: various flaws [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2234750
[ 3 ] Bug #2235800 - CVE-2023-4572 chromium: chromium-browser: Use after free in
MediaStream [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2235800
[ 4 ] Bug #2235801 - CVE-2023-4572 chromium: chromium-browser: Use after free in
MediaStream [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2235801
[ 5 ] Bug #2236152 - CVE-2021-29390 chromium: libjpeg-turbo: heap-buffer-overflow
vulnerability in decompress_smooth_data in jdcoefct.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2236152
[ 6 ] Bug #2237509 - CVE-2023-4761 CVE-2023-4762 CVE-2023-4763 CVE-2023-4764 chromium:
various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237509
[ 7 ] Bug #2237510 - CVE-2023-4761 CVE-2023-4762 CVE-2023-4763 CVE-2023-4764 chromium:
various flaws [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2237510
[ 8 ] Bug #2238432 - CVE-2023-4863 chromium: chromium-browser: Heap buffer overflow in
WebP [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2238432
[ 9 ] Bug #2238433 - CVE-2023-4863 chromium: chromium-browser: Heap buffer overflow in
WebP [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2238433
[ 10 ] Bug #2238832 - CVE-2023-4900 CVE-2023-4901 CVE-2023-4902 CVE-2023-4903
CVE-2023-4904 CVE-2023-4905 CVE-2023-4906 CVE-2023-4907 CVE-2023-4908 CVE-2023-4909
chromium: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2238832
[ 11 ] Bug #2238833 - CVE-2023-4900 CVE-2023-4901 CVE-2023-4902 CVE-2023-4903
CVE-2023-4904 CVE-2023-4905 CVE-2023-4906 CVE-2023-4907 CVE-2023-4908 CVE-2023-4909
chromium: various flaws [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2238833
--------------------------------------------------------------------------------
================================================================================
gnome-shell-extension-caffeine-42-1.el9 (FEDORA-EPEL-2023-666102559c)
Disable the screen saver and auto suspend in gnome shell
--------------------------------------------------------------------------------
Update Information:
New package
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 15 2022 Jeremy Newton <alexjnewt at hotmail dot com> - 42-1
- Update to v42
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> -
39-4.20220331.git2394e7f
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Mar 31 2022 Jeremy Newton <alexjnewt at hotmail dot com> -
39-3.20220331.git2394e7f
- Update to git snapshot to fix f36
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 39-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Sat Oct 30 2021 Davide Cavalca <dcavalca(a)fedoraproject.org> - 39-1
- Update to v39
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 38-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Thu May 20 2021 Jeremy Newton <alexjnewt at hotmail dot com> - 38-1
- Update to v38
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 37-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sun Jan 10 2021 Jeremy Newton <alexjnewt at hotmail dot com> - 37-1
- Initial package
--------------------------------------------------------------------------------
================================================================================
rust-async-compression-0.4.3-1.el9 (FEDORA-EPEL-2023-8680d3d086)
Adaptors between compression crates and Rust's modern asynchronous IO types
--------------------------------------------------------------------------------
Update Information:
- Update the async-compression crate to version 0.4.3. - Initial packaging of
the deflate64 crate.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 24 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.4.3-1
- Update to version 0.4.3; Fixes RHBZ#2235561
* Fri Jul 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.4.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-deflate64-0.1.5-1.el9 (FEDORA-EPEL-2023-8680d3d086)
Deflate64 implementation based on .NET's implementation
--------------------------------------------------------------------------------
Update Information:
- Update the async-compression crate to version 0.4.3. - Initial packaging of
the deflate64 crate.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 24 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.1.5-1
- Initial import (#2239349)
--------------------------------------------------------------------------------
================================================================================
rust-indicatif-0.17.7-1.el9 (FEDORA-EPEL-2023-6a409673fc)
Progress bar and cli reporting library for Rust
--------------------------------------------------------------------------------
Update Information:
Update to version 0.17.7.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 24 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.17.7-1
- Update to version 0.17.7; Fixes RHBZ#2240168
--------------------------------------------------------------------------------
================================================================================
rust-md-5-0.10.6-1.el9 (FEDORA-EPEL-2023-3c16940e76)
MD5 hash function
--------------------------------------------------------------------------------
Update Information:
Update to version 0.10.6.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 24 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.10.6-1
- Update to version 0.10.6; Fixes RHBZ#2240236
--------------------------------------------------------------------------------
================================================================================
rust-rend-0.4.1-1.el9 (FEDORA-EPEL-2023-94bc056c62)
Endian-aware primitives for Rust
--------------------------------------------------------------------------------
Update Information:
Update to version 0.4.1.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 24 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.4.1-1
- Update to version 0.4.1; Fixes RHBZ#2240492
* Fri Jul 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.4.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-semver-1.0.19-1.el9 (FEDORA-EPEL-2023-b3327e0132)
Parser and evaluator for Cargo's flavor of Semantic Versioning
--------------------------------------------------------------------------------
Update Information:
Update to version 1.0.19.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 24 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.0.19-1
- Update to version 1.0.19; Fixes RHBZ#2240283
* Fri Jul 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.18-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-temp-env-0.3.6-1.el9 (FEDORA-EPEL-2023-a7a0bf532e)
Set environment variables temporarily
--------------------------------------------------------------------------------
Update Information:
Update to version 0.3.6.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 24 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.3.6-1
- Update to version 0.3.6; Fixes RHBZ#2240446
* Sat Sep 2 2023 alciregi <alciregi(a)fedoraproject.org> - 0.3.5-1
- Update to 0.3.5
--------------------------------------------------------------------------------
================================================================================
rust-wild-2.2.0-1.el9 (FEDORA-EPEL-2023-6d12899d6d)
Glob (wildcard) expanded command-line arguments
--------------------------------------------------------------------------------
Update Information:
Update to version 2.2.0.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 24 2023 Fabio Valentini <decathorpe(a)gmail.com> - 2.2.0-1
- Update to version 2.2.0; Fixes RHBZ#2240472
* Sat Jul 22 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.1.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Sat Jan 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.1.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
shdoc-1.2-1.el9 (FEDORA-EPEL-2023-3a17e7bb08)
Documentation generator for bash/zsh/sh for generating documentation in Markdown
--------------------------------------------------------------------------------
Update Information:
Update to 1.2
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 31 2023 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 1.2-1
- Update to 1.2 - Closes rhbz#2227944
* Sat Jul 22 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Sat Jan 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
ubridge-0.9.18-9.el9 (FEDORA-EPEL-2023-57873c34c1)
Bridge for UDP tunnels, Ethernet, TAP and VMnet interfaces
--------------------------------------------------------------------------------
Update Information:
Bridge for UDP tunnels, Ethernet, TAP and VMnet interfaces
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 22 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.18-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Sat Jan 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.18-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.18-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Sat Jan 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.18-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.18-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
whichfont-1.0.9-1.el9 (FEDORA-EPEL-2023-4027c34de4)
Querying Fontconfig
--------------------------------------------------------------------------------
Update Information:
printing unicode by default. no option like -u or --unicode needed from now
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 21 2023 Sudip Shil <sshil(a)redhat.com> - 1.0.9-1
- printing unicode by default. no option like -u or --unicode needed from now
--------------------------------------------------------------------------------
================================================================================
xpra-5.0.2-2.el9 (FEDORA-EPEL-2023-33eb4a1f83)
Remote display server for applications and desktops
--------------------------------------------------------------------------------
Update Information:
Move ffmpeg plugin to Fedora
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 24 2023 S��rgio M. Basto <sergio(a)serjux.com> - 5.0.2-2
- Move ffmpeg plugin to Fedora
* Tue Sep 19 2023 Antonio Trande <sagitter(a)fedoraproject.org> - 5.0.2-1
- Release 5.0.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2238701 - xpra-5.0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2238701
--------------------------------------------------------------------------------