The following Fedora EPEL 7 Security updates need testing: Age URL 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-afd7021128 ipython-3.2.3-1.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-08427e256d seamonkey-2.53.15-1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-2b409ccc37 imlib2-1.4.9-8.el7

The following builds have been pushed to Fedora EPEL 7 updates-testing

R-qtl-1.58-1.el7 golang-1.18.9-1.el7 ipmctl-03.00.00.0468-3.el7 knot-resolver-5.6.0-1.el7

Details about builds:

================================================================================ R-qtl-1.58-1.el7 (FEDORA-EPEL-2023-12c98cc766) Tools for analyzing QTL experiments -------------------------------------------------------------------------------- Update Information:

R-qtl 1.58 -------------------------------------------------------------------------------- ChangeLog:

* Wed Jan 25 2023 Mattias Ellert mattias.ellert@physics.uu.se - 1.58-1 - Update to 1.58 - Workaround broken openblas on aarch64 in RHEL 8 and 9 * Wed Jan 18 2023 Fedora Release Engineering releng@fedoraproject.org - 1.52-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Thu Sep 1 2022 Tom Callaway spot@fedoraprojet.org - 1.52-3 - rebuild for R 4.2.1 * Wed Jul 20 2022 Fedora Release Engineering releng@fedoraproject.org - 1.52-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild --------------------------------------------------------------------------------

================================================================================ golang-1.18.9-1.el7 (FEDORA-EPEL-2023-970698785b) The Go Programming Language -------------------------------------------------------------------------------- Update Information:

Update to golang-1.18.9 using the same patches as on EL8, including security fixes for CVE-2022-32189, CVE-2022-27664, CVE-2022-27664, CVE-2022-32190, CVE-2022-41715, CVE-2022-2880, CVE-2022-2879, CVE-2022-41720, and CVE-2022-41717 -------------------------------------------------------------------------------- ChangeLog:

* Wed Jan 25 2023 Dave Dykstra dwd@fedoraproject.org - 1.18.9-1 - Update to 1.18.9 by doing the equivalent changes as centos8-stream. -------------------------------------------------------------------------------- References:

[ 1 ] Bug #2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service https://bugzilla.redhat.com/show_bug.cgi?id=2113814 [ 2 ] Bug #2124668 - CVE-2022-32190 golang: net/url: JoinPath does not strip relative path components in all circumstances https://bugzilla.redhat.com/show_bug.cgi?id=2124668 [ 3 ] Bug #2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY https://bugzilla.redhat.com/show_bug.cgi?id=2124669 [ 4 ] Bug #2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers https://bugzilla.redhat.com/show_bug.cgi?id=2132867 [ 5 ] Bug #2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters https://bugzilla.redhat.com/show_bug.cgi?id=2132868 [ 6 ] Bug #2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps https://bugzilla.redhat.com/show_bug.cgi?id=2132872 [ 7 ] Bug #2161271 - CVE-2022-41720 golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows https://bugzilla.redhat.com/show_bug.cgi?id=2161271 [ 8 ] Bug #2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests https://bugzilla.redhat.com/show_bug.cgi?id=2161274 --------------------------------------------------------------------------------

================================================================================ ipmctl-03.00.00.0468-3.el7 (FEDORA-EPEL-2023-e53f5e87f4) Utility for managing Intel Optane DC persistent memory modules -------------------------------------------------------------------------------- Update Information:

Update to version 03.00.00.0468 -------------------------------------------------------------------------------- ChangeLog:

* Wed Jan 25 2023 Steven Pontsler steven.pontsler@intel.com - 03.00.00.0468-3 - revert changes to call cmake * Wed Jan 25 2023 Steven Pontsler steven.pontsler@intel.com - 03.00.00.0468-2 - Revert required package from python3 to python * Wed Jan 25 2023 Steven Pontsler steven.pontsler@intel.com - 03.00.00.0468-1 - Release 03.00.00.0468 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #2160195 - build ipmctl v03.00.00.0468 https://bugzilla.redhat.com/show_bug.cgi?id=2160195 --------------------------------------------------------------------------------

================================================================================ knot-resolver-5.6.0-1.el7 (FEDORA-EPEL-2023-8621d18e27) Caching full DNS Resolver -------------------------------------------------------------------------------- Update Information:

Update to upstream version 5.6.0 -------------------------------------------------------------------------------- ChangeLog:

* Thu Jan 26 2023 Jakub Ru��i��ka jakub.ruzicka@nic.cz - 5.6.0-1 - update to upstream version 5.6.0 --------------------------------------------------------------------------------