The following Fedora EPEL 8 Security updates need testing:
Age URL
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-2da86b14b9
js-jquery-ui-1.13.2-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
bzip3-1.2.1-1.el8
heimdal-7.7.1-1.el8
ntfs-3g-2022.10.3-1.el8
packetdrill-2.0~20220927gitc556afb-3.el8
qt-creator-4.12.4-10.el8
rsnapshot-1.4.4-1.el8
wasmedge-0.11.2-1.el8
Details about builds:
================================================================================
bzip3-1.2.1-1.el8 (FEDORA-EPEL-2022-a5507613e7)
Tools for compressing and decompressing bzip3 files
--------------------------------------------------------------------------------
Update Information:
This update brings a bz3most tool, a paged viewer for bz3 archive content.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 11 2022 Petr Pisar <ppisar(a)redhat.com> - 1.2.1-1
- 1.2.1 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2141791 - bzip3-1.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2141791
--------------------------------------------------------------------------------
================================================================================
heimdal-7.7.1-1.el8 (FEDORA-EPEL-2022-be3947859f)
A Kerberos 5 implementation without export restrictions
--------------------------------------------------------------------------------
Update Information:
This release fixes the following Security Vulnerabilities: * CVE-2022-42898 PAC
parse integer overflows * CVE-2022-3437 Overflows and non-constant time leaks in
DES{,3} and arcfour * CVE-2022-41916 Fix Unicode normalization read of 1 bytes
past end of array * CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors *
CVE-2021-3671 A null pointer de-reference when handling missing sname in TGS-REQ
* CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec Note that
CVE-2022-44640 is a severe vulnerability, possibly a 10.0 on the Common
Vulnerability Scoring System (CVSS) v3.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 16 2022 Alexander Bostr��m <abo(a)root.snowtree.se> - 7.7.1-1
- Update to 7.7.1
- Remove upstreamed patch
- Replace patch with sed command
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.7.0-12
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.7.0-11
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.7.0-10
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Apr 13 2021 Alexander Bostr��m <abo(a)root.snowtree.se> - 7.7.0-9
- Backport autoconf-2.70 fix
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.7.0-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.7.0-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
ntfs-3g-2022.10.3-1.el8 (FEDORA-EPEL-2022-15e4c3606e)
Linux NTFS userspace driver
--------------------------------------------------------------------------------
Update Information:
Update to 2022.10.3. Fixes CVE-2022-40284
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 3 2022 Gabriel Kihlman <gk(a)sysctl.se> - 2:2022.10.3-1
- New upstream version 2022.10.3
- Fixes: CVE-2022-40284
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2090876 - ntfs-3g-2022.10.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2090876
[ 2 ] Bug #2140031 - CVE-2022-40284: buffer overflow in NTFS-3G
https://bugzilla.redhat.com/show_bug.cgi?id=2140031
--------------------------------------------------------------------------------
================================================================================
packetdrill-2.0~20220927gitc556afb-3.el8 (FEDORA-EPEL-2022-d1c60a847f)
Quick, precise tests for entire TCP/UDP/IPv4/IPv6 network stacks
--------------------------------------------------------------------------------
Update Information:
Backport upstream PR for Python 3 support
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 15 2022 Davide Cavalca <dcavalca(a)fedoraproject.org>
2.0~20220927gitc556afb-3
- Backport upstream PR for Python 3 support
--------------------------------------------------------------------------------
================================================================================
qt-creator-4.12.4-10.el8 (FEDORA-EPEL-2022-a5041250cf)
Cross-platform IDE for Qt
--------------------------------------------------------------------------------
Update Information:
Rebuild for Qt 5.15.13 (RHEL 8.7)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 11 2022 Thomas Zimmermann <thomas.zimmermann(a)voestalpine.com> - 4.12.4-10
- Rebuild for Qt 5.15.13 (RHEL 8.7)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2142895 - Request to rebuild qt-creator for RHEL 8.7
https://bugzilla.redhat.com/show_bug.cgi?id=2142895
--------------------------------------------------------------------------------
================================================================================
rsnapshot-1.4.4-1.el8 (FEDORA-EPEL-2022-9ffffb529d)
Local and remote filesystem snapshot utility
--------------------------------------------------------------------------------
Update Information:
# rsnapshot 1.4.4 - Add sentence explaining rsync_long|short_args + sign to man
page - Fix rsnapreport problems (incorrect header, fail when `rsync` present,
fail with LVM) - Add notes about documentation, and link to the website repo -
Fix for '`rsync_cleanup_after_native_cp_al()` only works on directories' fail
when `sync_first on` and `cmd_cp` not set (#133), add test - Fix for `rm -rf`
failing when the path contains `./` - Suppress noisy error from non-GNU `cp` on
BSD-ish machines, including MacOS - Add CentOS 7 to successfully tested to docs
- Minor tidy up rel `configure` options `--with-test-(true|false)` - Update
travis build settings - Dont use `m4_esyscmd_s` in `configure.ac` - Update docs
to remove dangling refs to HOWTO on
rsnapshot.org - Skip both SSH tests (rather
one) if SSH doesn't work - Use perl-5.30 for tests (used in Ubuntu 20.04 Focal)
- Lower verbose level of `rsync` output to 1.3.x equivalent to work with
`rsnapreport.pl` again - Fix location of true and false binaries on macOS
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 16 2022 Robert Scheck <robert(a)fedoraproject.org> - 1.4.4-1
- Upgrade to 1.4.4 (#1974006, thanks to Todd Zullinger)
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.3-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.3-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.3-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.3-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.3-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Mar 31 2020 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.4.3-3
- Specify all perl dependencies needed for tests
* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.3-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1974006 - rsnapshot 1.4.4 is available. Please build for EPEL8 and Fedora34
https://bugzilla.redhat.com/show_bug.cgi?id=1974006
--------------------------------------------------------------------------------
================================================================================
wasmedge-0.11.2-1.el8 (FEDORA-EPEL-2022-f1e491bb20)
High performance WebAssembly Virtual Machine
--------------------------------------------------------------------------------
Update Information:
Release 0.11.2
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 16 2022 dm4 <dm4(a)secondstate.io> 0.11.2-1
- Release 0.11.2
--------------------------------------------------------------------------------