--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2024-5501bf4a30
2024-06-01 00:31:38.767847
--------------------------------------------------------------------------------
Name : python3-rpm
Product : Fedora EPEL 8
Version : 4.14.3
Release : 31.2.el8
URL : http://www.rpm.org/
Summary : Python 3.X packages with RPM bindings
Description :
Additional Python 3.X packages with the RPM Python bindings.
--------------------------------------------------------------------------------
Update Information:
Sync with RHEL 8.10. Add Python 3.12.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 23 2024 Miro Hron��ok <mhroncok(a)redhat.com> - 4.14.3-31.2
- Add python3.12-rpm
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update python3-rpm' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2024-390ddfd2d3
2024-06-01 00:31:38.767827
--------------------------------------------------------------------------------
Name : netdata
Product : Fedora EPEL 8
Version : 1.45.5
Release : 1.el8
URL : http://my-netdata.io
Summary : Real-time performance monitoring
Description :
netdata is the fastest way to visualize metrics. It is a resource
efficient, highly optimized system for collecting and visualizing any
type of realtime time-series data, from CPU usage, disk activity, SQL
queries, API calls, web site visitors, etc.
netdata tries to visualize the truth of now, in its greatest detail,
so that you can get insights of what is happening now and what just
happened, on your systems and applications.
--------------------------------------------------------------------------------
Update Information:
Update from upstream
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 23 2024 Didier Fabert <didier.fabert(a)gmail.com> 1.45.5-1
- Update from upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2282790 - netdata-1.45.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2282790
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update netdata' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2024-1d875c6725
2024-06-01 00:31:38.767834
--------------------------------------------------------------------------------
Name : clamav-unofficial-sigs
Product : Fedora EPEL 8
Version : 7.2.5
Release : 11.el8
URL : https://github.com/extremeshok/clamav-unofficial-sigs
Summary : Scripts to download unofficial clamav signatures
Description :
This package contains scripts and configuration files
that provide the capability to download, test, and
update the 3rd-party signature databases provide by
Sanesecurity, SecuriteInfo, MalwarePatrol, OITC,
INetMsg and ScamNailer.
--------------------------------------------------------------------------------
Update Information:
Added upstream patch to fix urlhaus mkdir and ownership
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 16 2024 Robert Scheck <robert(a)fedoraproject.org> - 7.2.5-11
- Added upstream patch to fix urlhaus mkdir and ownership
* Tue Jan 23 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.2.5-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.2.5-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Nov 4 2023 Didier Fabert <didier.fabert(a)gmail.com> - 7.2.5-8
- migrated to SPDX license
* Wed Jul 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.2.5-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Mon Apr 17 2023 J��n ONDREJ (SAL) <ondrejj(at)salstar.sk> - 7.2.5-6
- Fix: grep: warning: stray \ before "
- Remove clean section
* Wed Jan 18 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.2.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Jul 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.2.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1949414 - Failed connection to urlhaus.abuse.ch
https://bugzilla.redhat.com/show_bug.cgi?id=1949414
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update clamav-unofficial-sigs' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2024-b54bbb6a53
2024-06-01 00:31:38.767820
--------------------------------------------------------------------------------
Name : fedora-license-data
Product : Fedora EPEL 8
Version : 1.47
Release : 1.el8
URL : https://gitlab.com/fedora/legal/fedora-license-data
Summary : Fedora Linux license data
Description :
This project contains information about licenses used in the Fedora
Linux project. Licenses are categorized by their approval or
non-approval and may include additional notes. The data files provide
mappings between the SPDX license expressions and the older Fedora
license legacy-abbreviations.
The project also intends to publish the combined license information
in a number of data file formats and provide a package in Fedora for
other projects to reference, such as package building tools and
package checking tools.
The Fedora Legal team is responsible for this project.
--------------------------------------------------------------------------------
Update Information:
Automatic update for fedora-license-data-1.47-1.el8.
Changelog for fedora-license-data
* Thu May 23 2024 Miroslav Such�� <msuchy(a)redhat.com> 1.47-1
- add GPL-2.0-or-later WITH RRDtool-FLOSS-exception-2.0
- add text of ultrapermissive dedication from sublimehq
- add HPND-export2-US license
- add Gutmann license
- add HPND-merchantability-variant license
- fix case in license id of BSD-2-Clause-first-lines
- add HPND-export-US-acknowledgement license
- add HPND-Intel license
- add loguru public domain dedication
- add BSD-3-Clause WITH AdditionRef-OpenEXR-Additional-IP-Rights-Grant
- add HPND-sell-variant-MIT-disclaimer-rev license
- add GD license
- Add crc32 license found in libsurvive to UltraPermissive
- allow lower case variant
- add any-OSI license
- document dotnet* packages as exception for LicenseRef-ISO-8879
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 23 2024 Miroslav Such�� <msuchy(a)redhat.com> 1.47-1
- add GPL-2.0-or-later WITH RRDtool-FLOSS-exception-2.0
- add text of ultrapermissive dedication from sublimehq
- add HPND-export2-US license
- add Gutmann license
- add HPND-merchantability-variant license
- fix case in license id of BSD-2-Clause-first-lines
- add HPND-export-US-acknowledgement license
- add HPND-Intel license
- add loguru public domain dedication
- add BSD-3-Clause WITH AdditionRef-OpenEXR-Additional-IP-Rights-Grant
- add HPND-sell-variant-MIT-disclaimer-rev license
- add GD license
- Add crc32 license found in libsurvive to UltraPermissive
- allow lower case variant
- add any-OSI license
- document dotnet* packages as exception for LicenseRef-ISO-8879
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update fedora-license-data' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2024-925c717047
2024-06-01 00:31:38.767813
--------------------------------------------------------------------------------
Name : python-specfile
Product : Fedora EPEL 8
Version : 0.28.3
Release : 1.el8
URL : https://github.com/packit/specfile
Summary : A library for parsing and manipulating RPM spec files
Description :
Python library for parsing and manipulating RPM spec files.
Main focus is on modifying existing spec files, any change should result
in a minimal diff.
--------------------------------------------------------------------------------
Update Information:
Automatic update for python-specfile-0.28.3-1.el8.
Changelog for python-specfile
* Thu May 23 2024 Packit <hello(a)packit.dev> - 0.28.3-1
- Fixed several minor issues such as processing seemingly commented-out macro
definitions (e.g. `#%global prerel rc1`) and treating `SourceLicense` tag as a
source. (#374, #376)
- Made `EVR`, `NEVR` and `NEVRA` objects comparable. (#379)
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 23 2024 Packit <hello(a)packit.dev> - 0.28.3-1
- Fixed several minor issues such as processing seemingly commented-out macro definitions (e.g. `#%global prerel rc1`) and treating `SourceLicense` tag as a source. (#374, #376)
- Made `EVR`, `NEVR` and `NEVRA` objects comparable. (#379)
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update python-specfile' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2024-1a95b76e46
2024-06-01 00:31:38.767769
--------------------------------------------------------------------------------
Name : chromium
Product : Fedora EPEL 8
Version : 125.0.6422.76
Release : 1.el8
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).
--------------------------------------------------------------------------------
Update Information:
update to 125.0.6422.76
High CVE-2024-5157: Use after free in Scheduling
High CVE-2024-5158: Type Confusion in V8
High CVE-2024-5159: Heap buffer overflow in ANGLE
High CVE-2024-5160: Heap buffer overflow in Dawn
update to 125.0.6422.60
High CVE-2024-4947: Type Confusion in V8
High CVE-2024-4948: Use after free in Dawn
Medium CVE-2024-4949: Use after free in V8
Low CVE-2024-4950: Inappropriate implementation in Downloads
update to 124.0.6367.201
* High CVE-2024-4671: Use after free in Visuals
update to 124.0.6367.155
High CVE-2024-4558: Use after free in ANGLE
High CVE-2024-4559: Heap buffer overflow in WebAudio
update to 124.0.6367.118
High CVE-2024-4331: Use after free in Picture In Picture
High CVE-2024-4368: Use after free in Dawn
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 22 2024 Than Ngo <than(a)redhat.com> - 125.0.6422.76-1
- fix bz#2282246, update to 125.0.6422.76
* High CVE-2024-5157: Use after free in Scheduling
* High CVE-2024-5158: Type Confusion in V8
* High CVE-2024-5159: Heap buffer overflow in ANGLE
* High CVE-2024-5160: Heap buffer overflow in Dawn
- cleanup
* Mon May 20 2024 Than Ngo <than(a)redhat.com> - 125.0.6422.60-3
- remove unneeded BRs
- workarounds for el7 build
* Sun May 19 2024 Than Ngo <than(a)redhat.com> - 125.0.6422.60-2
- fix build errors on el7
* Thu May 16 2024 Than Ngo <than(a)redhat.com> - 125.0.6422.60-1
- update to 125.0.6422.60
* High CVE-2024-4947: Type Confusion in V8
* High CVE-2024-4948: Use after free in Dawn
* Medium CVE-2024-4949: Use after free in V8
* Low CVE-2024-4950: Inappropriate implementation in Downloads
* Sun May 12 2024 Than Ngo <than(a)redhat.com> - 125.0.6422.41-1
- update to 125.0.6422.41
* Sat May 11 2024 Than Ngo <than(a)redhat.com> - 124.0.6367.201-2
- include headless_command_resources.pak for headless_shell
* Fri May 10 2024 Than Ngo <than(a)redhat.com> - 124.0.6367.201-1
- update to 124.0.6367.201
* High CVE-2024-4671: Use after free in Visuals
* Wed May 8 2024 Than Ngo <than(a)redhat.com> - 124.0.6367.155-1
- update to 124.0.6367.155
* High CVE-2024-4558: Use after free in ANGLE
* High CVE-2024-4559: Heap buffer overflow in WebAudio
* Sun May 5 2024 Than Ngo <than(a)redhat.com> - 124.0.6367.118-2
- fixed build errors on el8
- refreshed clean_ffmpeg.sh
- added missing files for bundle ffmpeg
* Wed May 1 2024 Than Ngo <than(a)redhat.com> - 124.0.6367.118-1
- update to 124.0.6367.118
* High CVE-2024-4331: Use after free in Picture In Picture
* High CVE-2024-4368: Use after free in Dawn
- use system highway
* Sat Apr 27 2024 Than Ngo <than(a)redhat.com> - 124.0.6367.91-1
- update to 124.0.6367.91
- fixed bz#2277228 - chromium wrapper causes library issues (symbol lookup error)
- use system dav1d
* Wed Apr 24 2024 Than Ngo <than(a)redhat.com> - 124.0.6367.78-1
- update to 124.0.6367.78
* Critical CVE-2024-4058: Type Confusion in ANGLE
* High CVE-2024-4059: Out of bounds read in V8 API
* High CVE-2024-4060: Use after free in Dawn
* Sat Apr 20 2024 Than Ngo <than(a)redhat.com> - 124.0.6367.60-2
- fix waylang regression
* Tue Apr 16 2024 Than Ngo <than(a)redhat.com> - 124.0.6367.60-1
- update to 124.0.6367.60
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2274695 - CVE-2023-49528 chromium: FFmpeg: Heap Buffer Overflow vulnerability [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2274695
[ 2 ] Bug #2275841 - CVE-2024-31578 CVE-2024-31581 CVE-2024-31582 CVE-2024-31585 chromium: ffmpeg: multiple vulnerabilities [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2275841
[ 3 ] Bug #2276116 - CVE-2023-49501 CVE-2023-49502 CVE-2023-51791 CVE-2023-51792 CVE-2023-51793 chromium: ffmpeg: multiple vulnerabilities [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2276116
[ 4 ] Bug #2276123 - CVE-2023-51795 CVE-2023-51796 CVE-2023-51797 CVE-2023-51798 chromium: ffmpeg: multiple vulnerabilites [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2276123
[ 5 ] Bug #2276130 - CVE-2023-50007 CVE-2023-50008 CVE-2023-50009 CVE-2023-50010 chromium: ffmpeg: multiple vulnerabilitites [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2276130
[ 6 ] Bug #2278765 - CVE-2024-4331 chromium: chromium-browser: Use after free in Picture In Picture [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278765
[ 7 ] Bug #2278766 - CVE-2024-4331 chromium: chromium-browser: Use after free in Picture In Picture [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278766
[ 8 ] Bug #2278770 - CVE-2024-4368 chromium: chromium-browser: Use after free in Dawn [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278770
[ 9 ] Bug #2278771 - CVE-2024-4368 chromium: chromium-browser: Use after free in Dawn [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2278771
[ 10 ] Bug #2279687 - CVE-2024-4559 chromium: chromium-browser: Heap buffer overflow in WebAudio [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279687
[ 11 ] Bug #2279688 - CVE-2024-4559 chromium: chromium-browser: Heap buffer overflow in WebAudio [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279688
[ 12 ] Bug #2279690 - CVE-2024-4558 chromium: chromium-browser: Use after free in ANGLE [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279690
[ 13 ] Bug #2279691 - CVE-2024-4558 chromium: chromium-browser: Use after free in ANGLE [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279691
[ 14 ] Bug #2280247 - CVE-2024-4671 chromium: chromium-browser: use after free in Visuals [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280247
[ 15 ] Bug #2280590 - CVE-2024-4761 chromium: chromium-browser: Out of bounds write in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280590
[ 16 ] Bug #2280866 - CVE-2024-4950 chromium: chromium-browser: Inappropriate implementation in Downloads [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280866
[ 17 ] Bug #2280870 - CVE-2024-4949 chromium: chromium-browser: Use after free in V8 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2280870
[ 18 ] Bug #2282269 - headless_shell segfaults
https://bugzilla.redhat.com/show_bug.cgi?id=2282269
[ 19 ] Bug #2282818 - CVE-2024-5157 CVE-2024-5158 CVE-2024-5159 CVE-2024-5160 chromium: various flaws [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2282818
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update chromium' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------