The following Fedora EPEL 7 Security updates need testing: Age URL 127 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3835d39d1a unrtf-0.21.9-8.el7 77 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f9d6ff695a bibutils-6.6-1.el7 ghc-hs-bibutils-6.6.0.0-1.el7 pandoc-citeproc-0.3.0.1-4.el7 61 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7 52 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3a3c72c5e5 chromium-68.0.3440.106-3.el7 33 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3492a96896 myrepos-1.20180726-1.el7 24 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-bc87c43cdd libbson-1.3.5-6.el7 17 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-c906338b6b libmad-0.15.1b-26.el7 17 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f13feb5e4b sensible-utils-0.0.12-2.el7 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-aa0030f9a1 php-horde-nag-4.2.19-1.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-e8e2e2acac strongswan-5.7.1-1.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b6e8b488d2 clamav-0.100.2-2.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-a9ac6a18d2 libgit2-0.26.7-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
libuv-1.23.2-1.el7 mosquitto-1.5.3-1.el7 purple-facebook-0.9.5-11.9ff9acf9fa14.el7 s3fs-fuse-1.84-3.el7
Details about builds:
================================================================================ libuv-1.23.2-1.el7 (FEDORA-EPEL-2018-d797366c77) Platform layer for node.js -------------------------------------------------------------------------------- Update Information:
Update to the latest libuv 1.23.2 -------------------------------------------------------------------------------- ChangeLog:
* Thu Oct 11 2018 Stephen Gallagher sgallagh@redhat.com - 1.23.2-1 - Update to 1.23.2 - https://github.com/libuv/libuv/blob/v1.23.2/ChangeLog * Tue Sep 11 2018 Stephen Gallagher sgallagh@redhat.com - 1.23.0-1 - Update to 1.23.0 - https://github.com/libuv/libuv/blob/v1.23.0/ChangeLog --------------------------------------------------------------------------------
================================================================================ mosquitto-1.5.3-1.el7 (FEDORA-EPEL-2018-aa66b877bb) An Open Source MQTT v3.1/v3.1.1 Broker -------------------------------------------------------------------------------- Update Information:
Release 1.5.3 Security: * Fix CVE-2018-12543. If a message is sent to Mosquitto with a topic that begins with $, but is not $SYS, then an assert that should be unreachable is triggered and Mosquitto will exit. Broker: * Elevate log level to warning for situation when socket limit is hit. * Remove requirement to use `user root` in snap package config files. * Fix retained messages not sent by bridges on outgoing topics at the first connection. * Documentation fixes. * Fix duplicate clients being added to by_id hash before the old client was removed. * Fix Windows version not starting if include_dir did not contain any files. Build: * Various fixes to ease building. Further details here: http://mosquitto.org/ChangeLog.txt -------------------------------------------------------------------------------- ChangeLog:
* Sun Oct 14 2018 Peter Robinson pbrobinson@fedoraproject.org 1.5.3-1 - 1.5.3 release * Thu Sep 20 2018 Fabian Affolter mail@fabian-affolter.ch - 1.5.2-2 - Use WITH_BUNDLED_DEPS=no * Thu Sep 20 2018 Fabian Affolter mail@fabian-affolter.ch - 1.5.2-1 - Update to new upstream version 1.5.2 * Mon Aug 20 2018 Peter Robinson pbrobinson@fedoraproject.org 1.5.1-1 - 1.5.1 release * Fri Jul 20 2018 John W. Linville linville@redhat.com - 1.5-5 - Add previously unnecessary BuildRequires for gcc-c++ * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 1.5-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Sat May 26 2018 Rich Mattes richmattes@gmail.com - 1.5-3 - Add network-online.target and documentation to unitfile * Sat May 26 2018 Rich Mattes richmattes@gmail.com - 1.5-2 - Use upstream systemd service and enable systemd notification support (rhbz#1410654) * Sun May 20 2018 Fabian Affolter mail@fabian-affolter.ch - 1.5-2 - Update to new upstream version 1.5 (rhbz#1580115) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1588904 - CVE-2017-7654 mosquitto: Memory leak allows unauthenticated clients to send crafted CONNECT packets causing a denial of service [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1588904 [ 2 ] Bug #1588901 - CVE-2017-7653 mosquitto: Improper handling of UTF-8 strings allows malicious clients to cause other clients to disconnect [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1588901 --------------------------------------------------------------------------------
================================================================================ purple-facebook-0.9.5-11.9ff9acf9fa14.el7 (FEDORA-EPEL-2018-01af2ad74b) Facebook protocol plugin for purple2 -------------------------------------------------------------------------------- Update Information:
- Backported upstream patch for Facebook Work Chat. - Backported pull-request adding an option to show inactive friends as away. - Backported pull-request fixing compiler warnings. - Add disclaimer to %description. - Optimize sortability of patches. - Refactor patches for smooth alignment. -------------------------------------------------------------------------------- ChangeLog:
* Sat Oct 13 2018 Bj��rn Esser besser82@fedoraproject.org - 0.9.5-11.9ff9acf9fa14 - Backported upstream patch for Facebook Work Chat * Sat Oct 13 2018 Bj��rn Esser besser82@fedoraproject.org - 0.9.5-10.9ff9acf9fa14 - Optimize sortability of patches - Refactor patches for smooth alignment - Remove empty line from spec file * Fri Oct 5 2018 Bj��rn Esser besser82@fedoraproject.org - 0.9.5-9.9ff9acf9fa14 - Update Patch101 to match upstream PR * Thu Oct 4 2018 Bj��rn Esser besser82@fedoraproject.org - 0.9.5-8.9ff9acf9fa14 - Backported pull-request fixing compiler warnings * Thu Oct 4 2018 Bj��rn Esser besser82@fedoraproject.org - 0.9.5-7.9ff9acf9fa14 - Add disclaimer to %description * Thu Oct 4 2018 Bj��rn Esser besser82@fedoraproject.org - 0.9.5-6.9ff9acf9fa14 - Backported pull-request adding an option to show inactive friends as away * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 0.9.5-5.9ff9acf9fa14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ s3fs-fuse-1.84-3.el7 (FEDORA-EPEL-2018-9a65bf65cb) FUSE-based file system backed by Amazon S3 -------------------------------------------------------------------------------- Update Information:
Require fuse package on runtime to allow mounting with systemd, mount command or /etc/fstab (#1637669) -------------------------------------------------------------------------------- ChangeLog:
* Sun Oct 14 2018 Julio Gonzalez Gil git@juliogonzalez.es - 1.84-3 - Require fuse package on runtime to allow mounting with systemd, mount command or /etc/fstab (#1637669) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1637669 - s3fs unable to mount volumes via mount or systemd unless fuse package is installed https://bugzilla.redhat.com/show_bug.cgi?id=1637669 --------------------------------------------------------------------------------