The following Fedora EPEL 7 Security updates need testing:
Age URL
13
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-7b1c8f21d9
chromium-89.0.4389.82-1.el7
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-7f38c5da36
lib3mf-2.0.1-1.el7
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-7f980da66e
tor-0.3.5.14-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
atasm-1.09-1.el7
beakerlib-1.27-1.el7
exim-4.94-2.el7
zarafa-7.1.14-4.el7
Details about builds:
================================================================================
atasm-1.09-1.el7 (FEDORA-EPEL-2021-b1d43d7b48)
6502 cross-assembler
--------------------------------------------------------------------------------
Update Information:
- update to 1.09
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 25 2021 Dan Hor��k <dan[at]danny.cz> - 1.09-1
- update to 1.09 - CVE-2019-19785 CVE-2019-19786 CVE-2019-19787
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.08-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Thu Jan 21 2021 Dan Hor��k <dan[at]danny.cz> - 1.08-7
- pass correct linker flags
* Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.08-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 13 2020 Tom Stellard <tstellar(a)redhat.com> - 1.08-5
- Use make macros
-
https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.08-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Jul 24 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.08-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jan 31 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.08-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jul 16 2018 Dan Hor��k <dan[at]danny.cz> - 1.08-1
- update to 1.08
* Thu Jul 12 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.07d-16
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.07d-15
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Aug 2 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.07d-14
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.07d-13
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.07d-12
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Wed Feb 3 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.07d-11
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.07d-10
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Fri Aug 15 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.07d-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.07d-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1786344 - CVE-2019-19785 atasm: stack-based buffer overflow in to_comma in
asm.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1786344
[ 2 ] Bug #1786346 - CVE-2019-19785 atasm: stack-based buffer overflow in to_comma in
asm.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1786346
[ 3 ] Bug #1786347 - CVE-2019-19786 atasm: stack-based buffer overflow in parse_expr in
setparse.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1786347
[ 4 ] Bug #1786349 - CVE-2019-19786 atasm: stack-based buffer overflow in parse_expr in
setparse.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1786349
[ 5 ] Bug #1786605 - CVE-2019-19787 atasm: stack-based buffer overflow in
get_signed_expression in setparse.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1786605
[ 6 ] Bug #1786607 - CVE-2019-19787 atasm: stack-based buffer overflow in
get_signed_expression in setparse.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1786607
--------------------------------------------------------------------------------
================================================================================
beakerlib-1.27-1.el7 (FEDORA-EPEL-2021-929329df02)
A shell-level integration testing library
--------------------------------------------------------------------------------
Update Information:
- rlCheckRequirements is now able to check also versioned requirements
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 25 2021 Dalibor Pospisil <dapospis(a)redhat.com> - 1.27-1
- rlCheckRequirements is now able to check also versions requirements
--------------------------------------------------------------------------------
================================================================================
exim-4.94-2.el7 (FEDORA-EPEL-2021-a650134f4f)
The exim mail transfer agent
--------------------------------------------------------------------------------
Update Information:
Fixed cname handling in TLS certificate verification
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 25 2021 Jaroslav ��karvada <jskarvad(a)redhat.com> - 4.94-2
- Fixed cname handling in TLS certificate verification
Resolves: rhbz#1942583
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1942581 - exim: CNAME handling can break TLS certificate verification
https://bugzilla.redhat.com/show_bug.cgi?id=1942581
--------------------------------------------------------------------------------
================================================================================
zarafa-7.1.14-4.el7 (FEDORA-EPEL-2021-615589a3ad)
Open Source Edition of the Zarafa Collaboration Platform
--------------------------------------------------------------------------------
Update Information:
- Added patch to allow building against libical 3.0.x - Added upstream patch
to fix remote DoS in zarafa-ical (#1942773)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 25 2021 Robert Scheck <robert(a)fedoraproject.org> 7.1.14-4
- Added patch to allow building against libical 3.0.x
- Added upstream patch to fix remote DoS in zarafa-ical (#1942773)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1942773 - zarafa: Remote DoS by memory exhaustion in zarafa-ical component
https://bugzilla.redhat.com/show_bug.cgi?id=1942773
--------------------------------------------------------------------------------