The following Fedora EPEL 8 Security updates need testing: Age URL 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-18fb909316 znc-1.8.1-1.el8 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-3c9503ab68 libmp4v2-2.1.0-0.21.trunkREV507.el8 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-f64e687c3f lynis-3.0.0-1.el8 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-c047cbdfd0 hostapd-2.9-4.el8 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-4d185f6e16 alpine-2.23-2.el8 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-da42cd0f70 ngircd-26-3.el8 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6e0d8564ec chromium-83.0.4103.116-3.el8 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-8e909a0e81 coturn-4.5.1.3-1.el8 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-f1828228be xrdp-0.9.13.1-1.el8

The following builds have been pushed to Fedora EPEL 8 updates-testing

botan2-2.12.1-2.el8 python-bugzilla-2.5.0-1.el8 python-gnupg-0.4.6-1.el8

Details about builds:

================================================================================ botan2-2.12.1-2.el8 (FEDORA-EPEL-2020-9239b6fa50) Crypto and TLS for C++11 -------------------------------------------------------------------------------- Update Information:

Backport patch for #1849743 (CBC padding side channel) from 2.14.0. -------------------------------------------------------------------------------- ChangeLog:

* Sat Jul 4 2020 Thomas Moschny thomas.moschny@gmx.de - 2.12.1-2 - Backport patch for #1849743 (CBC padding side channel) from 2.14.0. -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1849745 - botan2: botan: CBC padding operations were not constant time and as a result would leak the length of the plaintext values which were being padded [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1849745 [ 2 ] Bug #1849746 - botan2: botan: CBC padding operations were not constant time and as a result would leak the length of the plaintext values which were being padded [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=1849746 --------------------------------------------------------------------------------

================================================================================ python-bugzilla-2.5.0-1.el8 (FEDORA-EPEL-2020-77acd91af7) Python library for interacting with Bugzilla -------------------------------------------------------------------------------- Update Information:

* Update to version 2.5.0 * cli: Add query --extrafield, --includefield, --excludefield * Revive bugzilla.rhbugzilla.RHBugzilla import path -------------------------------------------------------------------------------- ChangeLog:

* Sat Jul 4 2020 Cole Robinson crobinso@redhat.com - 2.5.0-1 - Update to version 2.5.0 - cli: Add query --extrafield, --includefield, --excludefield - Revive bugzilla.rhbugzilla.RHBugzilla import path * Mon Jun 29 2020 Cole Robinson crobinso@redhat.com - 2.4.0-1 - Update to version 2.4.0 - Bugzilla REST API support - Add --json command line output option - Add APIs for Bugzilla Groups (Pierre-Yves Chibon) - Add 'Bugzilla.get_requests_session()' API to access raw requests Session - Add 'Bugzilla.get_xmlrpc_proxy()' API to access raw ServerProxy - Add 'Bugzilla requests_session=' init parameter to pass in auth, etc. - Add 'bugzilla attach --ignore-obsolete' (��estm��r Kalina) - Add 'bugzilla login --api-key' for API key prompting (Danilo C. L. de Paula) - Add 'bugzilla new --private' --------------------------------------------------------------------------------

================================================================================ python-gnupg-0.4.6-1.el8 (FEDORA-EPEL-2020-13c6cbc484) A wrapper for the Gnu Privacy Guard (GPG or GnuPG) -------------------------------------------------------------------------------- Update Information:

New python-gnupg version -------------------------------------------------------------------------------- ChangeLog:

-------------------------------------------------------------------------------- References:

[ 1 ] Bug #1670367 - CVE-2019-6690 python-gnupg: improper input validation in gnupg.GPG.encrypt() and gnupg.GPG.decrypt() [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=1670367 [ 2 ] Bug #1670368 - CVE-2019-6690 python-gnupg: improper input validation in gnupg.GPG.encrypt() and gnupg.GPG.decrypt() [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1670368 [ 3 ] Bug #1744978 - Request to build python-gnupg for EPEL 8 https://bugzilla.redhat.com/show_bug.cgi?id=1744978 [ 4 ] Bug #1828319 - RFE - build a python-gnupg for EPEL 8 please. https://bugzilla.redhat.com/show_bug.cgi?id=1828319 --------------------------------------------------------------------------------