The following Fedora EPEL 9 Security updates need testing:
Age  URL  Package
4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-eacf1a60fb  python-flask-restx-1.1.0-1.el9
4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-5b5f974a90  sympa-6.2.72-2.el9
4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-867723f541  cpp-httplib-0.12.5-2.el9
2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-f04011e9d4  yarnpkg-1.22.19-5.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
apptainer-1.1.9-1.el9
guacamole-server-1.5.2-2.el9
mongo-c-driver-1.23.5-1.el9
perl-Graphics-TIFF-20-1.el9
perl-HTML-StripScripts-1.06-22.el9
python-cliff-4.2.0-2.el9
python-ogr-0.45.0-1.el9
remmina-1.4.31-1.el9
rust-aho-corasick-1.0.2-1.el9
rust-getrandom-0.2.10-1.el9
rust-iana-time-zone-0.1.57-1.el9
rust-lock_api-0.4.10-1.el9
rust-mio-0.8.8-1.el9
rust-once_cell-1.18.0-1.el9
rust-parking_lot_core-0.9.8-1.el9
rust-procfs0.12-0.12.0-1.el9
rust-regex-1.8.4-1.el9
rust-tempfile-3.6.0-1.el9
syncthing-1.23.5-1.el9
Details about builds:
================================================================================
apptainer-1.1.9-1.el9 (FEDORA-EPEL-2023-4949aa5f16)
Application and environment virtualization formerly known as Singularity
--------------------------------------------------------------------------------
Update Information:
Update to upstream-1.1.9
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Dave Dykstra <dwd(a)fnal.gov> - 1.1.9-1
- Update to upstream 1.1.9.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2213313 - apptainer-1.1.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2213313
--------------------------------------------------------------------------------
================================================================================
guacamole-server-1.5.2-2.el9 (FEDORA-EPEL-2023-eb4f2cd0c6)
Server-side native components that form the Guacamole proxy
--------------------------------------------------------------------------------
Update Information:
- Added upstream patch to fix RDP related segfault ([GUACAMOLE-1802](https://issues.apache.org/jira/projects/GUACAMOLE/issues/GUACAMOLE-...))
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Robert Scheck <robert(a)fedoraproject.org> - 1.5.2-2
- Added upstream patch to fix RDP related segfault (GUACAMOLE-1802)
--------------------------------------------------------------------------------
================================================================================
mongo-c-driver-1.23.5-1.el9 (FEDORA-EPEL-2023-31a44d5fdb)
Client library written in C for MongoDB
--------------------------------------------------------------------------------
Update Information:
**libmongoc 1.23.5**
Fixes:
* Fix potential crash due to insufficient memory when allocating performance counters.
* Fix compilation error on Android platforms due to missing aligned_alloc.
* Return an error if RewrapManyDataKey is invoked without a provider when a masterKey is given.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Remi Collet <remi(a)remirepo.net> - 1.23.5-1
- update to 1.23.5
--------------------------------------------------------------------------------
================================================================================
perl-Graphics-TIFF-20-1.el9 (FEDORA-EPEL-2023-8254b0f713)
Perl extension for the LibTIFF library
--------------------------------------------------------------------------------
Update Information:
This release adds support for position tags. It also adapts tests to Perl
5.37.11.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Petr Pisar <ppisar(a)redhat.com> - 20-1
- 20 version bump
* Thu May 18 2023 Petr Pisar <ppisar(a)redhat.com> - 19-4
- Handle position tags and adapt tests to changes in ImageMagick-7.1.1.8 (bug #2208278)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2212972 - perl-Graphics-TIFF-20 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2212972
--------------------------------------------------------------------------------
================================================================================
perl-HTML-StripScripts-1.06-22.el9 (FEDORA-EPEL-2023-de31cb6120)
Strip scripting constructs out of HTML
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2023-24038
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Xavier Bachelot <xavier(a)bachelot.org> 1.06-22
- Add patch for CVE-2023-24038
- Convert License: to SPDX
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.06-21
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.06-20
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue May 31 2022 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.06-19
- Perl 5.36 rebuild
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.06-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2164149 - CVE-2023-24038 perl-HTML-StripScripts: Handler for style attribute is vulnerable to ReDoS [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2164149
--------------------------------------------------------------------------------
================================================================================
python-cliff-4.2.0-2.el9 (FEDORA-EPEL-2023-d1292bc1d6)
Command Line Interface Formulation Framework
--------------------------------------------------------------------------------
Update Information:
Latest build for EPEL 9
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 6 2023 Joel Capitao <jcapitao(a)redhat.com> 4.2.0-2
- Remove mock and testrepository BR
* Fri Apr 21 2023 Karolina Kula <kkula(a)redhat.com> 4.2.0-1
- Update to upstream version 4.2.0
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.0.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Sep 28 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> - 4.0.0-2
- Fix missing importlib_metadata runtime dependency
* Sun Sep 18 2022 Kevin Fenzi <kevin(a)scrye.com> - 4.0.0-1
- Update to 4.0.0. Fixes rhbz#2117683
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.10.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jul 19 2022 Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> - 3.10.1-3
- Rebuilt for pyparsing-3.0.9
* Thu Jun 16 2022 Python Maint <python-maint(a)redhat.com> - 3.10.1-2
- Rebuilt for Python 3.11
* Thu May 19 2022 Joel Capitao <jcapitao(a)redhat.com> 3.10.1-1
- Update to upstream version 3.10.1
* Thu Jan 27 2022 Joel Capitao <jcapitao(a)redhat.com> - 3.10.0-3
- Requires autopage to fix F36/FTBFS
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.10.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Sat Jan 8 2022 Kevin Fenzi <kevin(a)scrye.com> - 3.10.0-1
- Update to 3.10.0. Fixes rhbz#2026719
* Sat Nov 6 2021 Kevin Fenzi <kevin(a)scrye.com> - 3.9.0-1
- Update to 3.9.1. Fixes rhbz#1997441
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.8.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Sat Jun 19 2021 Kevin Fenzi <kevin(a)scrye.com> - 3.8.0-1
- Update to 3.8.0. Fixes rhbz#1965278
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2111289 - Please branch and build python3-cliff in epel9
https://bugzilla.redhat.com/show_bug.cgi?id=2111289
--------------------------------------------------------------------------------
================================================================================
python-ogr-0.45.0-1.el9 (FEDORA-EPEL-2023-94ded031c0)
One API for multiple git forges
--------------------------------------------------------------------------------
Update Information:
Automatic update for python-ogr-0.45.0-1.el9.
##### **Changelog for python-ogr**
```
* Mon Jun 05 2023 Packit <hello(a)packit.dev> - 0.45.0-1
- OGR now supports PyGithub >= 1.58.
```
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 5 2023 Packit <hello(a)packit.dev> - 0.45.0-1
- OGR now supports PyGithub >= 1.58.
--------------------------------------------------------------------------------
================================================================================
remmina-1.4.31-1.el9 (FEDORA-EPEL-2023-cb8b50eb56)
Remote Desktop Client
--------------------------------------------------------------------------------
Update Information:
New upstream version 1.4.31. Remove no longer needed patches.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Phil Wyett <philip.wyett(a)kathenas.org> - 1.4.31-1
- New upstream version 1.4.31.
- Remove no longer needed patches.
* Tue Jun 6 2023 Phil Wyett <philip.wyett(a)kathenas.org> - 1.4.30-3
- Remove some old workarounds from spec file.
--------------------------------------------------------------------------------
================================================================================
rust-aho-corasick-1.0.2-1.el9 (FEDORA-EPEL-2023-fc3941baee)
Fast multiple substring searching
--------------------------------------------------------------------------------
Update Information:
Update to version 1.0.2.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.0.2-1
- Update to version 1.0.2; Fixes RHBZ#2212163
--------------------------------------------------------------------------------
================================================================================
rust-getrandom-0.2.10-1.el9 (FEDORA-EPEL-2023-e3c570b06d)
Small cross-platform library for retrieving random data from system source
--------------------------------------------------------------------------------
Update Information:
Update to version 0.2.10.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.2.10-1
- Update to version 0.2.10; Fixes RHBZ#2212935
--------------------------------------------------------------------------------
================================================================================
rust-iana-time-zone-0.1.57-1.el9 (FEDORA-EPEL-2023-86eb8b4948)
Get the IANA time zone for the current system
--------------------------------------------------------------------------------
Update Information:
Update to version 0.1.57.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.1.57-1
- Update to version 0.1.57; Fixes RHBZ#2213192
--------------------------------------------------------------------------------
================================================================================
rust-lock_api-0.4.10-1.el9 (FEDORA-EPEL-2023-85476692c6)
Wrappers to create fully-featured Mutex and RwLock types
--------------------------------------------------------------------------------
Update Information:
Update to version 0.4.10.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.4.10-1
- Update to version 0.4.10; Fixes RHBZ#2212573
--------------------------------------------------------------------------------
================================================================================
rust-mio-0.8.8-1.el9 (FEDORA-EPEL-2023-0dedf1fef9)
Lightweight non-blocking I/O
--------------------------------------------------------------------------------
Update Information:
Update to version 0.8.8.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 4 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.8.8-1
- Update to version 0.8.8; Fixes RHBZ#2211201
--------------------------------------------------------------------------------
================================================================================
rust-once_cell-1.18.0-1.el9 (FEDORA-EPEL-2023-d73abb6ea4)
Single assignment cells and lazy values
--------------------------------------------------------------------------------
Update Information:
Update to version 1.18.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.18.0-1
- Update to version 1.18.0; Fixes RHBZ#2212161
--------------------------------------------------------------------------------
================================================================================
rust-parking_lot_core-0.9.8-1.el9 (FEDORA-EPEL-2023-1e88413289)
Advanced API for creating custom synchronization primitives
--------------------------------------------------------------------------------
Update Information:
Update to version 0.9.8.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.9.8-1
- Update to version 0.9.8; Fixes RHBZ#2212575
--------------------------------------------------------------------------------
================================================================================
rust-procfs0.12-0.12.0-1.el9 (FEDORA-EPEL-2023-887ac981d3)
Interface to the linux procfs pseudo-filesystem
--------------------------------------------------------------------------------
Update Information:
Import compat package for v0.12 of the procfs crate to EPEL9 to fix FTBFS / FTI
issues caused by an incomplete update.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 17 2023 Michel Alexandre Salim <salimma(a)fedoraproject.org> - 0.12.0-1
- Initial Fedora package
--------------------------------------------------------------------------------
================================================================================
rust-regex-1.8.4-1.el9 (FEDORA-EPEL-2023-f026dc2c4d)
Implementation of regular expressions for Rust
--------------------------------------------------------------------------------
Update Information:
Update to version 1.8.4.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.8.4-1
- Update to version 1.8.4; Fixes RHBZ#2212388
--------------------------------------------------------------------------------
================================================================================
rust-tempfile-3.6.0-1.el9 (FEDORA-EPEL-2023-87168d300e)
Library for managing temporary files and directories
--------------------------------------------------------------------------------
Update Information:
Update to version 3.6.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Fabio Valentini <decathorpe(a)gmail.com> - 3.6.0-1
- Update to version 3.6.0; Fixes RHBZ#2212993
--------------------------------------------------------------------------------
================================================================================
syncthing-1.23.5-1.el9 (FEDORA-EPEL-2023-a1ed86449c)
Continuous File Synchronization
--------------------------------------------------------------------------------
Update Information:
Update to version 1.23.5. Addresses CVE-2022-46165.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 7 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.23.5-1
- Update to version 1.23.5; Fixes RHBZ#2213024
* Wed Jun 7 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.23.4-1
- Update to version 1.23.4; Fixes RHBZ#2184805
* Wed Jun 7 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.23.2-1
- Update to version 1.23.2; Fixes RHBZ#2167959
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2213012 - CVE-2022-46165 syncthing: Cross-site scripting through malicious files [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2213012
--------------------------------------------------------------------------------