[EPEL-devel] Fedora EPEL 8 updates-testing report

The following Fedora EPEL 8 Security updates need testing:
 Age  URL
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-ac28924f8e   rpki-client-9.5-1.el8


The following builds have been pushed to Fedora EPEL 8 updates-testing

    cacti-1.2.30-1.el8
    cacti-spine-1.2.30-1.el8
    csdiff-3.5.4-1.el8
    csmock-3.8.1-1.el8
    mujs-1.0.9-2.el8
    python-specfile-0.35.0-1.el8
    radicale-3.5.1-3.el8
    tio-3.9-1.el8
    tor-0.4.8.16-1.el8
    trafficserver-9.2.10-1.el8
    whichfont-2.1.0-4.el8

Details about builds:


================================================================================
 cacti-1.2.30-1.el8 (FEDORA-EPEL-2025-ba03a05138)
 An rrd based graphing tool
--------------------------------------------------------------------------------
Update Information:

Update cacti and cacti-spine to version 1.2.30. This includes the upstream fixes
for many CVEs, including several remote code execution bugs.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 10 2025 Diego Herrera <dherrera@xxxxxxxxxxxxxxxxx> - 1.2.30-1
- Update to version 1.2.30
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2317098 - CVE-2024-43363 cacti: Remote code execution via Log Poisoning in Cacti [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2317098
  [ 2 ] Bug #2317101 - CVE-2024-43362 cacti: Stored Cross-site Scripting (XSS) when creating external links in Cacti [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2317101
  [ 3 ] Bug #2317105 - CVE-2024-43364 cacti: Stored Cross-site Scripting (XSS) when creating external links in Cacti [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2317105
  [ 4 ] Bug #2317108 - CVE-2024-43365 cacti: Stored Cross-site Scripting (XSS) when creating external links in Cacti [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2317108
  [ 5 ] Bug #2342333 - CVE-2024-45598 cacti: Cacti has a Local File Inclusion (LFI) Vulnerability via Poller Standard Error Log Path [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2342333
  [ 6 ] Bug #2342339 - CVE-2025-24367 cacti: Cacti allows Arbitrary File Creation leading to RCE [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2342339
  [ 7 ] Bug #2342354 - CVE-2025-24368 cacti: Cacti has a SQL Injection vulnerability when using tree rules through Automation API [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2342354
  [ 8 ] Bug #2342357 - CVE-2025-22604 cacti: Cacti has Authenticated RCE via multi-line SNMP responses [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2342357
  [ 9 ] Bug #2342359 - CVE-2024-54146 cacti: Cacti has a SQL Injection vulnerability when view host template [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2342359
  [ 10 ] Bug #2342361 - CVE-2024-54145 cacti: Cacti has a SQL Injection vulnerability when request automation devices [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2342361
  [ 11 ] Bug #2345160 - CVE-2025-26520 cacti: SQL Injection in Cacti [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2345160
--------------------------------------------------------------------------------


================================================================================
 cacti-spine-1.2.30-1.el8 (FEDORA-EPEL-2025-ba03a05138)
 Threaded poller for Cacti written in C
--------------------------------------------------------------------------------
Update Information:

Update cacti and cacti-spine to version 1.2.30. This includes the upstream fixes
for many CVEs, including several remote code execution bugs.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 11 2025 Diego Herrera <dherrera@xxxxxxxxxxxxxxxxx> - 1.2.30-1
- Update to version 1.2.30
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2317098 - CVE-2024-43363 cacti: Remote code execution via Log Poisoning in Cacti [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2317098
  [ 2 ] Bug #2317101 - CVE-2024-43362 cacti: Stored Cross-site Scripting (XSS) when creating external links in Cacti [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2317101
  [ 3 ] Bug #2317105 - CVE-2024-43364 cacti: Stored Cross-site Scripting (XSS) when creating external links in Cacti [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2317105
  [ 4 ] Bug #2317108 - CVE-2024-43365 cacti: Stored Cross-site Scripting (XSS) when creating external links in Cacti [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2317108
  [ 5 ] Bug #2342333 - CVE-2024-45598 cacti: Cacti has a Local File Inclusion (LFI) Vulnerability via Poller Standard Error Log Path [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2342333
  [ 6 ] Bug #2342339 - CVE-2025-24367 cacti: Cacti allows Arbitrary File Creation leading to RCE [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2342339
  [ 7 ] Bug #2342354 - CVE-2025-24368 cacti: Cacti has a SQL Injection vulnerability when using tree rules through Automation API [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2342354
  [ 8 ] Bug #2342357 - CVE-2025-22604 cacti: Cacti has Authenticated RCE via multi-line SNMP responses [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2342357
  [ 9 ] Bug #2342359 - CVE-2024-54146 cacti: Cacti has a SQL Injection vulnerability when view host template [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2342359
  [ 10 ] Bug #2342361 - CVE-2024-54145 cacti: Cacti has a SQL Injection vulnerability when request automation devices [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2342361
  [ 11 ] Bug #2345160 - CVE-2025-26520 cacti: SQL Injection in Cacti [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2345160
--------------------------------------------------------------------------------


================================================================================
 csdiff-3.5.4-1.el8 (FEDORA-EPEL-2025-e91a42660a)
 Non-interactive tools for processing code scan results in plain-text
--------------------------------------------------------------------------------
Update Information:

update to latest upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 15 2025 Kamil Dudka <kdudka@xxxxxxxxxx> - 3.5.4-1
- update to latest upstream release
--------------------------------------------------------------------------------


================================================================================
 csmock-3.8.1-1.el8 (FEDORA-EPEL-2025-e91a42660a)
 A mock wrapper for Static Analysis tools
--------------------------------------------------------------------------------
Update Information:

update to latest upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 15 2025 Kamil Dudka <kdudka@xxxxxxxxxx> - 3.8.1-1
- update to latest upstream
--------------------------------------------------------------------------------


================================================================================
 mujs-1.0.9-2.el8 (FEDORA-EPEL-2025-141926b526)
 An embeddable Javascript interpreter
--------------------------------------------------------------------------------
Update Information:

Backport upstream fix for CVE-2021-33796.
https://nvd.nist.gov/vuln/detail/CVE-2021-33796
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 11 2025 Carl George <carlwgeorge@xxxxxxxxxxxxxxxxx> - 1.0.9-2
- Backport upstream fix for CVE-2021-33796 rhbz#2221274
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2221274 - CVE-2021-33796 mujs: Use-after-free in regexp source property access [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2221274
--------------------------------------------------------------------------------


================================================================================
 python-specfile-0.35.0-1.el8 (FEDORA-EPEL-2025-213e58e21a)
 A library for parsing and manipulating RPM spec files
--------------------------------------------------------------------------------
Update Information:

Automatic update for python-specfile-0.35.0-1.el8.
Changelog for python-specfile
* Sun Apr 13 2025 Packit <hello@xxxxxxxxxx> - 0.35.0-1
- Added support for creating Specfile instances from file objects and strings.
(#458)
- The `context_management` type stubs now use `ParamSpec` from
`typing_extensions` to support Python < 3.10. (#466)
--------------------------------------------------------------------------------
ChangeLog:

* Sun Apr 13 2025 Packit <hello@xxxxxxxxxx> - 0.35.0-1
- Added support for creating Specfile instances from file objects and strings. (#458)
- The `context_management` type stubs now use `ParamSpec` from `typing_extensions` to support Python < 3.10. (#466)
--------------------------------------------------------------------------------


================================================================================
 radicale-3.5.1-3.el8 (FEDORA-EPEL-2025-bae5025627)
 A simple CalDAV (calendar) and CardDAV (contact) server
--------------------------------------------------------------------------------
Update Information:

Fix conditional dependency of shadow-utils introduced with 3.5.0-1
Fix missing user/group creation introduced with 3.5.0-1 (bz#2358635)
Update to 3.5.1
--------------------------------------------------------------------------------
ChangeLog:

* Sun Apr 13 2025 Peter Bieringer <pb@xxxxxxxxxxxx> - 3.5.1-3
- Fix conditional dependency of shadow-utils introduced with 3.5.0-1
* Mon Apr  7 2025 Peter Bieringer <pb@xxxxxxxxxxxx> - 3.5.1-2
- Fix missing user/group creation introduced with 3.5.0-1 (bz#2358635)
* Sat Apr  5 2025 Peter Bieringer <pb@xxxxxxxxxxxx> - 3.5.1-1
- Update to 3.5.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2357589 - radicale-3.5.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2357589
  [ 2 ] Bug #2358635 - radicale user is not created when dnf installs the package
        https://bugzilla.redhat.com/show_bug.cgi?id=2358635
--------------------------------------------------------------------------------


================================================================================
 tio-3.9-1.el8 (FEDORA-EPEL-2025-59add22d1e)
 Simple TTY terminal I/O application
--------------------------------------------------------------------------------
Update Information:

tio v3.9
Fix parsing of timestamp options
CodeQL: Upgrade to upload-artifact@v4
Update plaintext man page
Add character mapping examples
Fix pattern matching memory corruption
Don't add null characters to the expect buffer
They prevent regexec() from seeing the remainder of the buffer.
Disable stdout buffering globally
This makes it possible to pipe output to other programs cleanly.
Docs: edited the license date
Manpage: Fix backslash encoding
Literal backslash needs to be written as \e.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Apr 13 2025 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 3.9-1
- Upgrade to 3.9 (#2359218)
* Sun Jan 19 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2359218 - tio-3.9 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2359218
--------------------------------------------------------------------------------


================================================================================
 tor-0.4.8.16-1.el8 (FEDORA-EPEL-2025-dd9b870f88)
 Anonymizing overlay network for TCP
--------------------------------------------------------------------------------
Update Information:

update to latest upstream release
https://forum.torproject.org/t/stable-release-0-4-8-16/18062
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 11 2025 Marcel Härry <mh+fedora@xxxxxxxx> - 0.4.8.16-1
- update to latest upstream release https://forum.torproject.org/t/stable-release-0-4-8-16/18062
* Sat Mar  1 2025 Marcel Härry <mh+fedora@xxxxxxxx> - 0.4.8.14-1
- update to latest upstream release https://forum.torproject.org/t/stable-release-0-4-8-14/17242 (bz#2211726)
* Sun Jan 19 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.4.8.13-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 trafficserver-9.2.10-1.el8 (FEDORA-EPEL-2025-36ee2e808c)
 Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server
--------------------------------------------------------------------------------
Update Information:

Resolves CVE-2024-53868
--------------------------------------------------------------------------------
ChangeLog:

* Sun Apr 13 2025 Jered Floyd <jered@xxxxxxxxxx> 9.2.10-1
- Update to upstream 9.2.10
- Resolves CVE-2024-53868
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2356761 - trafficserver-10.0.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2356761
  [ 2 ] Bug #2357159 - CVE-2024-53868 trafficserver: Apache Traffic Server: Malformed chunked message body allows request smuggling [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2357159
  [ 3 ] Bug #2357160 - CVE-2024-53868 trafficserver: Apache Traffic Server: Malformed chunked message body allows request smuggling [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2357160
  [ 4 ] Bug #2357161 - CVE-2024-53868 trafficserver: Apache Traffic Server: Malformed chunked message body allows request smuggling [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2357161
  [ 5 ] Bug #2357162 - CVE-2024-53868 trafficserver: Apache Traffic Server: Malformed chunked message body allows request smuggling [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2357162
--------------------------------------------------------------------------------


================================================================================
 whichfont-2.1.0-4.el8 (FEDORA-EPEL-2025-ba3cc1d812)
 Querying Fontconfig
--------------------------------------------------------------------------------
Update Information:

Added --language (-l) CLI option to detect the default font for a given language
code, which detects and prints the default font family that supports the
specified language.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 15 2025 Sudip Shil <sshil@xxxxxxxxxx> - 2.1.0-0
- Added --language (-l) CLI option to detect the default font for a given language code, which detects and prints the default font family that supports the specified language.
- Introduced valid_langs[] array containing known language codes supported by fontconfig. Rejects invalid language codes early with a clear error message.
- Checks not only if a font is returned, but whether it actually supports the given language.
- Updated --help output to include usage for --language option.
- updated readme with installation, build section.
* Sun Jan 19 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.9-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sat Jan 27 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------


-- 
_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
