The following Fedora EPEL 8 Security updates need testing:
Age URL
65
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-1e00c3d01e
cutter-re-2.2.0-1.el8 rizin-0.5.1-1.el8
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-29e8ff9273
osslsigncode-2.5-3.el8
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-78e9d2e031
dropbear-2019.78-5.el8
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9f9a39afa5
editorconfig-0.12.6-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
chromium-113.0.5672.126-1.el8
eccodes-2.30.0-1.el8
liblxi-1.20-1.el8
Details about builds:
================================================================================
chromium-113.0.5672.126-1.el8 (FEDORA-EPEL-2023-2694488870)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
update to 113.0.5672.126. Fixes the many security issues
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 17 2023 Than Ngo <than(a)redhat.com> - 113.0.5672.126-1
- drop clang workaround for el8
- update to 113.0.5672.126
* Tue May 9 2023 Than Ngo <than(a)redhat.com> - 113.0.5672.92-1
- update to 113.0.5672.92
* Wed May 3 2023 Than Ngo <than(a)redhat.com> - 113.0.5672.63-1
- update to 113.0.5672.63
* Sun Apr 23 2023 Than Ngo <than(a)redhat.com> - 112.0.5615.165-2
- make --use-gl=egl default for x11/wayland
- enable WebUIDarkMode
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2192762 - CVE-2023-2459 chromium-browser: Inappropriate implementation in
Prompts
https://bugzilla.redhat.com/show_bug.cgi?id=2192762
[ 2 ] Bug #2192763 - CVE-2023-2460 chromium-browser: Insufficient validation of
untrusted input in Extensions
https://bugzilla.redhat.com/show_bug.cgi?id=2192763
[ 3 ] Bug #2192764 - CVE-2023-2461 chromium-browser: Use after free in OS Inputs
https://bugzilla.redhat.com/show_bug.cgi?id=2192764
[ 4 ] Bug #2192765 - CVE-2023-2462 chromium-browser: Inappropriate implementation in
Prompts
https://bugzilla.redhat.com/show_bug.cgi?id=2192765
[ 5 ] Bug #2192766 - CVE-2023-2463 chromium-browser: Inappropriate implementation in
Full Screen Mode
https://bugzilla.redhat.com/show_bug.cgi?id=2192766
[ 6 ] Bug #2192767 - CVE-2023-2464 chromium-browser: Inappropriate implementation in
PictureInPicture
https://bugzilla.redhat.com/show_bug.cgi?id=2192767
[ 7 ] Bug #2192768 - CVE-2023-2465 chromium-browser: Inappropriate implementation in
CORS
https://bugzilla.redhat.com/show_bug.cgi?id=2192768
[ 8 ] Bug #2192769 - CVE-2023-2466 chromium-browser: Inappropriate implementation in
Prompts
https://bugzilla.redhat.com/show_bug.cgi?id=2192769
[ 9 ] Bug #2192770 - CVE-2023-2467 chromium-browser: Inappropriate implementation in
Prompts
https://bugzilla.redhat.com/show_bug.cgi?id=2192770
[ 10 ] Bug #2192771 - CVE-2023-2468 chromium-browser: Inappropriate implementation in
PictureInPicture
https://bugzilla.redhat.com/show_bug.cgi?id=2192771
--------------------------------------------------------------------------------
================================================================================
eccodes-2.30.0-1.el8 (FEDORA-EPEL-2023-f971004f31)
WMO data format decoding and encoding
--------------------------------------------------------------------------------
Update Information:
Upgrade to upstream version 2.30.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 18 2023 Jos de Kloe <josdekloe(a)gmail.com> - 2.30.0-1
- Upgrade to upstream version 2.30.0
- explicitly switch on ENABLE_AEC
- migrated to SPDX license
* Wed Jun 1 2022 Jos de Kloe <josdekloe(a)gmail.com> - 2.26.0-1
- Upgrade to upstream version 2.26.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2208249 - eccodes-2.23.0-1.el7
https://bugzilla.redhat.com/show_bug.cgi?id=2208249
--------------------------------------------------------------------------------
================================================================================
liblxi-1.20-1.el8 (FEDORA-EPEL-2023-fd0f88e4b8)
Library with simple API for communication with LXI devices
--------------------------------------------------------------------------------
Update Information:
# liblxi v1.20 * refactor(bonjour): Fix typo & refine browse default domain *
feat(bonjour): Add mdns support for macOS
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 20 2023 Robert Scheck <robert(a)fedoraproject.org> 1.20-1
- Upgrade to 1.20 (#2208790)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2208790 - liblxi-1.20 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2208790
--------------------------------------------------------------------------------