The following Fedora EPEL 7 Security updates need testing:
Age URL
679 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7
442 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7
160 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-23fa04bf1c redis-3.2.3-1.el7
144 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e8f4ff76b3 chicken-4.11.0-3.el7
24 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7
14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-92129d651d exim-4.88-2.el7
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-770d2afc7d mingw-flac-1.3.2-1.el7
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-fbb2447c6e php-PHPMailer-5.2.22-1.el7
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-80cfb13391 moodle-3.2.1-1.el7
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-3d29bf8e34 php-ZendFramework2-2.4.11-1.el7
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f1acebb58b wordpress-4.7.1-1.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6ee140a6d3 fedmsg-0.18.2-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6e3dadcb1d pdns-recursor-3.7.4-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-9bcc7b6164 mingw-nsis-3.01-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
R-Rcpp-0.12.9-1.el7
drush-8.1.9-1.el7
golang-github-jmespath-go-jmespath-0.2.2-0.1.gitbd40a43.el7
golang-github-spf13-cast-0-0.6.gite31f36f.el7
liblxqt-0.11.1-2.el7
lximage-qt-0.5.1-1.el7
lxqt-about-0.11.1-1.el7
lxqt-build-tools-0.3.2-1.el7
lxqt-common-0.11.1-1.el7
lxqt-config-0.11.1-2.el7
lxqt-globalkeys-0.11.1-1.el7
lxqt-notificationd-0.11.1-1.el7
lxqt-openssh-askpass-0.11.1-1.el7
lxqt-panel-0.11.1-1.el7
lxqt-policykit-0.11.1-1.el7
lxqt-powermanagement-0.11.1-1.el7
lxqt-qtplugin-0.11.1-1.el7
lxqt-runner-0.11.1-1.el7
lxqt-session-0.11.1-1.el7
lxqt-sudo-0.11.1-1.el7
mingw-nsis-3.01-1.el7
obconf-qt-0.11.1-1.el7
pavucontrol-qt-0.2.0-1.el7
pdns-recursor-3.7.4-1.el7
php-consolidation-annotated-command-2.2.2-1.el7
php-consolidation-output-formatters-3.1.6-1.el7
php-pear-Net-SMTP-1.7.3-1.el7
proftpd-1.3.5d-1.el7
rdfind-1.3.5-1.el7
root-6.08.04-1.el7
tlp-0.9-2.el7
Details about builds:
================================================================================
R-Rcpp-0.12.9-1.el7 (FEDORA-EPEL-2017-b8001df777)
Seamless R and C++ Integration
--------------------------------------------------------------------------------
Update Information:
http://dirk.eddelbuettel.com/blog/2017/01/15/#rcpp_0.12.9
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413514 - Version 0.12.9 is available, please update
https://bugzilla.redhat.com/show_bug.cgi?id=1413514
--------------------------------------------------------------------------------
================================================================================
drush-8.1.9-1.el7 (FEDORA-EPEL-2017-3b65c2e307)
Command line shell and scripting interface for Drupal
--------------------------------------------------------------------------------
Update Information:
# drush ### 8.1.9 * Compatible with Drush master and its many Annotated
Commands. * Fix login destination for `drush uli` * Expand sql-sanitize to cover
more User fields * More robust cache-clear [#2512](https://github.com/drush-
ops/drush/pull/2512) * Introduce storage filter hook for config_split and others
* [Changes since 8.1.8](https://github.com/drush-
ops/drush/compare/8.1.8...8.1.9) # php-consolidation-annotated-command ###
2.2.1 ~ 2.2.2 - 15 Dec 2016 - Bugfix: Allow trailing backslashes in namespaces
in CommandFileDiscovery - Bugfix: Rename @topic to @topics ### 2.2.0 - 23
November 2016 - Support custom events - Add xml and json output for replacement
help command. Text / html format for replacement help command not available yet.
### 2.1.0 - 14 November 2016 - Add support for output formatter wordwrapping -
Fix version requirement for output-formatters in composer.json - Use output-
formatters ~3 - Move php_codesniffer back to require-dev (moved to require by
mistake) # php-consolidation-output-formatters ### 3.1.6 - 8 January 2017 *
Move victorjonsson/markdowndocs to require-dev. ### 3.1.5 - 23 November 2016 -
When converting from XML to an array, use the 'id' or 'name' element as the
array key value. ### 3.1.4 - 20 November 2016 - Add a 'list delimiter'
formatter option, so that we can create a Drush-style table for property lists.
### 3.1.1 ~ 3.1.3 - 18 November 2016 - Fine-tune wordwrapping. ### 3.1.0 - 17
November 2016 - Add wordwrapping to table formatter. ### 3.0.0 - 14 November
2016 - **Breaking** The RenderCellInterface is now provided a reference to the
entire row data. Existing clients need only add the new parameter to their
method defnition to update. - Rename AssociativeList to PropertyList, as many
people seemed to find the former name confusing. AssociativeList is still
available for use to preserve backwards compatibility, but it is deprecated.
### 2.1.0 - 7 November 2016 - Add RenderCellCollections to structured lists, so
that commands may add renderers to structured data without defining a new
structured data subclass. - Throw an exception if the client requests a field
that does not exist. - Remove unwanted extra layer of nesting when formatting an
PropertyList with an array formatter (json, yaml, etc.).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413321 - drush-8.1.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1413321
[ 2 ] Bug #1395001 - php-consolidation-annotated-command-2.2.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1395001
[ 3 ] Bug #1392720 - php-consolidation-output-formatters-3.1.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1392720
--------------------------------------------------------------------------------
================================================================================
golang-github-jmespath-go-jmespath-0.2.2-0.1.gitbd40a43.el7 (FEDORA-EPEL-2017-c976666327)
Golang implementation of JMESPath
--------------------------------------------------------------------------------
Update Information:
Bump to upstream bd40a432e4c76585ef6b72d3fd96fb9b6dc7b68d ---- First package
for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413287 - Tracker for golang-github-jmespath-go-jmespath
https://bugzilla.redhat.com/show_bug.cgi?id=1413287
[ 2 ] Bug #1297550 - Review Request: golang-github-jmespath-go-jmespath - Golang implementation of JMESPath
https://bugzilla.redhat.com/show_bug.cgi?id=1297550
--------------------------------------------------------------------------------
================================================================================
golang-github-spf13-cast-0-0.6.gite31f36f.el7 (FEDORA-EPEL-2017-c064184378)
Safe and easy casting from one type to another in Go
--------------------------------------------------------------------------------
Update Information:
Bump to upstream e31f36ffc91a2ba9ddb72a4b6a607ff9b3d3cb63
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413617 - Tracker for golang-github-spf13-cast
https://bugzilla.redhat.com/show_bug.cgi?id=1413617
--------------------------------------------------------------------------------
================================================================================
liblxqt-0.11.1-2.el7 (FEDORA-EPEL-2017-2bab9c5e7d)
Core shared library for LXQt desktop suite
--------------------------------------------------------------------------------
Update Information:
LXQt 0.11.1 update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1403560 - obconf-qt-0.11.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1403560
--------------------------------------------------------------------------------
================================================================================
lximage-qt-0.5.1-1.el7 (FEDORA-EPEL-2017-2bab9c5e7d)
The image viewer and screenshot tool for LXQt
--------------------------------------------------------------------------------
Update Information:
LXQt 0.11.1 update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1403560 - obconf-qt-0.11.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1403560
--------------------------------------------------------------------------------
================================================================================
lxqt-about-0.11.1-1.el7 (FEDORA-EPEL-2017-2bab9c5e7d)
About application for LXQt desktop suite
--------------------------------------------------------------------------------
Update Information:
LXQt 0.11.1 update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1403560 - obconf-qt-0.11.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1403560
--------------------------------------------------------------------------------
================================================================================
lxqt-build-tools-0.3.2-1.el7 (FEDORA-EPEL-2017-fad6f3d6a0)
Packaging tools for LXQt
--------------------------------------------------------------------------------
Update Information:
Initial import
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1409660 - Review Request: lxqt-build-tools - Packaging tools for LXQt
https://bugzilla.redhat.com/show_bug.cgi?id=1409660
--------------------------------------------------------------------------------
================================================================================
lxqt-common-0.11.1-1.el7 (FEDORA-EPEL-2017-2bab9c5e7d)
Common resources for LXQt desktop suite
--------------------------------------------------------------------------------
Update Information:
LXQt 0.11.1 update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1403560 - obconf-qt-0.11.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1403560
--------------------------------------------------------------------------------
================================================================================
lxqt-config-0.11.1-2.el7 (FEDORA-EPEL-2017-2bab9c5e7d)
Config tools for LXQt desktop suite
--------------------------------------------------------------------------------
Update Information:
LXQt 0.11.1 update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1403560 - obconf-qt-0.11.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1403560
--------------------------------------------------------------------------------
================================================================================
lxqt-globalkeys-0.11.1-1.el7 (FEDORA-EPEL-2017-2bab9c5e7d)
Global keys utility for LXQt desktop suite
--------------------------------------------------------------------------------
Update Information:
LXQt 0.11.1 update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1403560 - obconf-qt-0.11.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1403560
--------------------------------------------------------------------------------
================================================================================
lxqt-notificationd-0.11.1-1.el7 (FEDORA-EPEL-2017-2bab9c5e7d)
Notification daemon for LXQt desktop suite
--------------------------------------------------------------------------------
Update Information:
LXQt 0.11.1 update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1403560 - obconf-qt-0.11.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1403560
--------------------------------------------------------------------------------
================================================================================
lxqt-openssh-askpass-0.11.1-1.el7 (FEDORA-EPEL-2017-2bab9c5e7d)
Askpass openssh transition dialog for LXQt desktop suite
--------------------------------------------------------------------------------
Update Information:
LXQt 0.11.1 update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1403560 - obconf-qt-0.11.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1403560
--------------------------------------------------------------------------------
================================================================================
lxqt-panel-0.11.1-1.el7 (FEDORA-EPEL-2017-2bab9c5e7d)
Main panel bar for LXQt desktop suite
--------------------------------------------------------------------------------
Update Information:
LXQt 0.11.1 update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1403560 - obconf-qt-0.11.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1403560
--------------------------------------------------------------------------------
================================================================================
lxqt-policykit-0.11.1-1.el7 (FEDORA-EPEL-2017-2bab9c5e7d)
PolicyKit agent for LXQt desktop suite
--------------------------------------------------------------------------------
Update Information:
LXQt 0.11.1 update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1403560 - obconf-qt-0.11.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1403560
--------------------------------------------------------------------------------
================================================================================
lxqt-powermanagement-0.11.1-1.el7 (FEDORA-EPEL-2017-2bab9c5e7d)
Powermanagement daemon for LXQt desktop suite
--------------------------------------------------------------------------------
Update Information:
LXQt 0.11.1 update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1403560 - obconf-qt-0.11.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1403560
--------------------------------------------------------------------------------
================================================================================
lxqt-qtplugin-0.11.1-1.el7 (FEDORA-EPEL-2017-2bab9c5e7d)
Qt plugin framework for LXQt Desktop Suite
--------------------------------------------------------------------------------
Update Information:
LXQt 0.11.1 update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1403560 - obconf-qt-0.11.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1403560
--------------------------------------------------------------------------------
================================================================================
lxqt-runner-0.11.1-1.el7 (FEDORA-EPEL-2017-2bab9c5e7d)
Application runner agent for LXQt desktop suite
--------------------------------------------------------------------------------
Update Information:
LXQt 0.11.1 update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1403560 - obconf-qt-0.11.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1403560
--------------------------------------------------------------------------------
================================================================================
lxqt-session-0.11.1-1.el7 (FEDORA-EPEL-2017-2bab9c5e7d)
Main session for LXQt desktop suite
--------------------------------------------------------------------------------
Update Information:
LXQt 0.11.1 update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1403560 - obconf-qt-0.11.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1403560
--------------------------------------------------------------------------------
================================================================================
lxqt-sudo-0.11.1-1.el7 (FEDORA-EPEL-2017-2bab9c5e7d)
GUI frontend for sudo/su
--------------------------------------------------------------------------------
Update Information:
LXQt 0.11.1 update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1403560 - obconf-qt-0.11.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1403560
--------------------------------------------------------------------------------
================================================================================
mingw-nsis-3.01-1.el7 (FEDORA-EPEL-2017-9bcc7b6164)
Nullsoft Scriptable Install System
--------------------------------------------------------------------------------
Update Information:
New upstream version 3.01.
--------------------------------------------------------------------------------
================================================================================
obconf-qt-0.11.1-1.el7 (FEDORA-EPEL-2017-2bab9c5e7d)
A configuration editor for the OpenBox window manager
--------------------------------------------------------------------------------
Update Information:
LXQt 0.11.1 update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1403560 - obconf-qt-0.11.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1403560
--------------------------------------------------------------------------------
================================================================================
pavucontrol-qt-0.2.0-1.el7 (FEDORA-EPEL-2017-2bab9c5e7d)
Qt port of volume control pavucontrol
--------------------------------------------------------------------------------
Update Information:
LXQt 0.11.1 update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1403560 - obconf-qt-0.11.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1403560
--------------------------------------------------------------------------------
================================================================================
pdns-recursor-3.7.4-1.el7 (FEDORA-EPEL-2017-6e3dadcb1d)
Modern, advanced and high performance recursing/non authoritative name server
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-2120, CVE-2016-7068, CVE-2016-7072, CVE-2016-7073,
CVE-2016-7074
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413517 - CVE-2016-2120 CVE-2016-7068 CVE-2016-7072 CVE-2016-7073 CVE-2016-7074 pdns: Multiple security vulnerabilities fixed in latest versions
https://bugzilla.redhat.com/show_bug.cgi?id=1413517
--------------------------------------------------------------------------------
================================================================================
php-consolidation-annotated-command-2.2.2-1.el7 (FEDORA-EPEL-2017-3b65c2e307)
Initialize Symfony Console commands from annotated command class methods
--------------------------------------------------------------------------------
Update Information:
# drush ### 8.1.9 * Compatible with Drush master and its many Annotated
Commands. * Fix login destination for `drush uli` * Expand sql-sanitize to cover
more User fields * More robust cache-clear [#2512](https://github.com/drush-
ops/drush/pull/2512) * Introduce storage filter hook for config_split and others
* [Changes since 8.1.8](https://github.com/drush-
ops/drush/compare/8.1.8...8.1.9) # php-consolidation-annotated-command ###
2.2.1 ~ 2.2.2 - 15 Dec 2016 - Bugfix: Allow trailing backslashes in namespaces
in CommandFileDiscovery - Bugfix: Rename @topic to @topics ### 2.2.0 - 23
November 2016 - Support custom events - Add xml and json output for replacement
help command. Text / html format for replacement help command not available yet.
### 2.1.0 - 14 November 2016 - Add support for output formatter wordwrapping -
Fix version requirement for output-formatters in composer.json - Use output-
formatters ~3 - Move php_codesniffer back to require-dev (moved to require by
mistake) # php-consolidation-output-formatters ### 3.1.6 - 8 January 2017 *
Move victorjonsson/markdowndocs to require-dev. ### 3.1.5 - 23 November 2016 -
When converting from XML to an array, use the 'id' or 'name' element as the
array key value. ### 3.1.4 - 20 November 2016 - Add a 'list delimiter'
formatter option, so that we can create a Drush-style table for property lists.
### 3.1.1 ~ 3.1.3 - 18 November 2016 - Fine-tune wordwrapping. ### 3.1.0 - 17
November 2016 - Add wordwrapping to table formatter. ### 3.0.0 - 14 November
2016 - **Breaking** The RenderCellInterface is now provided a reference to the
entire row data. Existing clients need only add the new parameter to their
method defnition to update. - Rename AssociativeList to PropertyList, as many
people seemed to find the former name confusing. AssociativeList is still
available for use to preserve backwards compatibility, but it is deprecated.
### 2.1.0 - 7 November 2016 - Add RenderCellCollections to structured lists, so
that commands may add renderers to structured data without defining a new
structured data subclass. - Throw an exception if the client requests a field
that does not exist. - Remove unwanted extra layer of nesting when formatting an
PropertyList with an array formatter (json, yaml, etc.).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413321 - drush-8.1.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1413321
[ 2 ] Bug #1395001 - php-consolidation-annotated-command-2.2.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1395001
[ 3 ] Bug #1392720 - php-consolidation-output-formatters-3.1.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1392720
--------------------------------------------------------------------------------
================================================================================
php-consolidation-output-formatters-3.1.6-1.el7 (FEDORA-EPEL-2017-3b65c2e307)
Format text by applying transformations provided by plug-in formatters
--------------------------------------------------------------------------------
Update Information:
# drush ### 8.1.9 * Compatible with Drush master and its many Annotated
Commands. * Fix login destination for `drush uli` * Expand sql-sanitize to cover
more User fields * More robust cache-clear [#2512](https://github.com/drush-
ops/drush/pull/2512) * Introduce storage filter hook for config_split and others
* [Changes since 8.1.8](https://github.com/drush-
ops/drush/compare/8.1.8...8.1.9) # php-consolidation-annotated-command ###
2.2.1 ~ 2.2.2 - 15 Dec 2016 - Bugfix: Allow trailing backslashes in namespaces
in CommandFileDiscovery - Bugfix: Rename @topic to @topics ### 2.2.0 - 23
November 2016 - Support custom events - Add xml and json output for replacement
help command. Text / html format for replacement help command not available yet.
### 2.1.0 - 14 November 2016 - Add support for output formatter wordwrapping -
Fix version requirement for output-formatters in composer.json - Use output-
formatters ~3 - Move php_codesniffer back to require-dev (moved to require by
mistake) # php-consolidation-output-formatters ### 3.1.6 - 8 January 2017 *
Move victorjonsson/markdowndocs to require-dev. ### 3.1.5 - 23 November 2016 -
When converting from XML to an array, use the 'id' or 'name' element as the
array key value. ### 3.1.4 - 20 November 2016 - Add a 'list delimiter'
formatter option, so that we can create a Drush-style table for property lists.
### 3.1.1 ~ 3.1.3 - 18 November 2016 - Fine-tune wordwrapping. ### 3.1.0 - 17
November 2016 - Add wordwrapping to table formatter. ### 3.0.0 - 14 November
2016 - **Breaking** The RenderCellInterface is now provided a reference to the
entire row data. Existing clients need only add the new parameter to their
method defnition to update. - Rename AssociativeList to PropertyList, as many
people seemed to find the former name confusing. AssociativeList is still
available for use to preserve backwards compatibility, but it is deprecated.
### 2.1.0 - 7 November 2016 - Add RenderCellCollections to structured lists, so
that commands may add renderers to structured data without defining a new
structured data subclass. - Throw an exception if the client requests a field
that does not exist. - Remove unwanted extra layer of nesting when formatting an
PropertyList with an array formatter (json, yaml, etc.).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413321 - drush-8.1.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1413321
[ 2 ] Bug #1395001 - php-consolidation-annotated-command-2.2.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1395001
[ 3 ] Bug #1392720 - php-consolidation-output-formatters-3.1.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1392720
--------------------------------------------------------------------------------
================================================================================
php-pear-Net-SMTP-1.7.3-1.el7 (FEDORA-EPEL-2017-f64c444431)
Provides an implementation of the SMTP protocol
--------------------------------------------------------------------------------
Update Information:
**Version 1.7.3** - Fix MIME boundary size calculation (#34) - Workaround
E_DEPRECATED warning on Auth_SASL::factory() call (#29)
--------------------------------------------------------------------------------
================================================================================
proftpd-1.3.5d-1.el7 (FEDORA-EPEL-2017-ab03747d9e)
Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:
Cumulative bug-fix release from upstream.
--------------------------------------------------------------------------------
================================================================================
rdfind-1.3.5-1.el7 (FEDORA-EPEL-2017-0e6638cc4e)
Program that finds duplicate files
--------------------------------------------------------------------------------
Update Information:
add LICENSE file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1408620 - Review Request: rdfind - Program that finds duplicate files
https://bugzilla.redhat.com/show_bug.cgi?id=1408620
--------------------------------------------------------------------------------
================================================================================
root-6.08.04-1.el7 (FEDORA-EPEL-2017-31d707f653)
Numerical data analysis framework
--------------------------------------------------------------------------------
Update Information:
- Update to 6.08.04 https://root.cern.ch/doc/v608/release-
notes.html#release-6.0804 - Fix broken TPad::WaitPrimitive (backport from git)
rhbz#1412569 - Rebuild for gcc 6.3 rhbz#1379639
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1379639 - Segfault with TGeo (and others) triggered by c++config.h in libstdc++-devel
https://bugzilla.redhat.com/show_bug.cgi?id=1379639
[ 2 ] Bug #1412569 - Upstream bug in root 6.08/2
https://bugzilla.redhat.com/show_bug.cgi?id=1412569
--------------------------------------------------------------------------------
================================================================================
tlp-0.9-2.el7 (FEDORA-EPEL-2017-9e15663376)
Advanced power management tool for Linux
--------------------------------------------------------------------------------
Update Information:
Properly mask rfkill service to avoid conflicts with TLP's radio options you
should mask the systemd-rfkill service
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1411147 - tlp: deprecated workaround to disable systemd-rfkill@.service
https://bugzilla.redhat.com/show_bug.cgi?id=1411147
--------------------------------------------------------------------------------
The following Fedora EPEL 7 Security updates need testing:
Age URL
678 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7
440 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7
159 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-23fa04bf1c redis-3.2.3-1.el7
143 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e8f4ff76b3 chicken-4.11.0-3.el7
22 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7
15 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-bb32162e83 php-swiftmailer-5.4.5-1.el7
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-92129d651d exim-4.88-2.el7
11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-770d2afc7d mingw-flac-1.3.2-1.el7
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-fbb2447c6e php-PHPMailer-5.2.22-1.el7
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-80cfb13391 moodle-3.2.1-1.el7
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-3d29bf8e34 php-ZendFramework2-2.4.11-1.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f1acebb58b wordpress-4.7.1-1.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6ee140a6d3 fedmsg-0.18.2-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
fldigi-3.23.20-1.el7
git-cola-2.10-1.el7
golang-github-spf13-jWalterWeatherman-0-0.6.git33c24e7.el7
golang-github-stretchr-objx-0-0.8.gitcbeaeb1.el7
golang-github-stretchr-testify-1.0-0.7.git089c718.el7
lsyncd-2.2.1-1.el7
xfce4-weather-plugin-0.8.8-2.el7
Details about builds:
================================================================================
fldigi-3.23.20-1.el7 (FEDORA-EPEL-2017-eb7ae97838)
Digital modem program for Linux
--------------------------------------------------------------------------------
Update Information:
Version 3.23.20 * Maintenance release N3FJP Winter FD * Modified N3FJP
Field Day recognition - summer, ARRL Field Day Event - winter, WFDA
Field Day contest FELD raster display * make marquee scrolling a user
option * make vertical and horizontal character size user selectable -
configuration changes can be made without resorting to a program restart
- may require increasing size of Rx/Tx panels * added user selectable Hell
AGC ARQ PTT * Modified ARQ ptt calls to use REQ(...) NEW micro modes
* Micro modes for 2200m, 600m, 160m and higher bands - Added DominoEX Micro
( 100% copy @ -15db SNR ) - Added THOR Micro ( 100% copy @ -18db SNR )
- Modes are comparable to Olivia in weak-signal performance but have a
much narrower 36Hz bandwidth suitible for usage on the new LF (~136KHz) &
MF (~475KHz) "sliver bands" Socket connect * Corrected socket
connect/fail processing in ::socket class - modified N3FJP socket
connect function ---- Version 3.23.19 * Maintenance release pskreporter
query * Added mode dependent query for band activity report Text
highlight * Change selected text highlight to reverse text/background
colors. Applicable to all controls that use the Fl_Text_Display class
DX cluster improvements * Provide frequency report rounding to nearest 100
Hz when the [0..99] Hz report is not enabled. N3FJP generic contest
* Added generic contest exchange transfer to N3FJP applications * Limit
n3fjp socket failure report to first occurrence Note: you should install this
version if you plan on using fldigi in combination with the N3FJP ARRL RTTY
Roundup Logger
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1410960 - fldigi-3.23.20 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1410960
[ 2 ] Bug #1408447 - fldigi-3.23.19 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1408447
--------------------------------------------------------------------------------
================================================================================
git-cola-2.10-1.el7 (FEDORA-EPEL-2017-151cb7ad1c)
A sleek and powerful git GUI
--------------------------------------------------------------------------------
Update Information:
Update git-cola to 2.10
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1398300 - git-cola-v2.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1398300
[ 2 ] Bug #1413259 - git-cola 2.9 is unusable, always hangs if maximized
https://bugzilla.redhat.com/show_bug.cgi?id=1413259
[ 3 ] Bug #1400637 - [abrt] git-cola: cmds.py:1856:do:TypeError: __init__() takes 1 positional argument but 2 were given
https://bugzilla.redhat.com/show_bug.cgi?id=1400637
[ 4 ] Bug #1413277 - git-cola-2.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1413277
--------------------------------------------------------------------------------
================================================================================
golang-github-spf13-jWalterWeatherman-0-0.6.git33c24e7.el7 (FEDORA-EPEL-2017-8562dd480b)
So you always leave a note
--------------------------------------------------------------------------------
Update Information:
Bump to upstream 33c24e77fb80341fe7130ee7c594256ff08ccc46
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413107 - Tracker for golang-github-spf13-jWalterWeatherman
https://bugzilla.redhat.com/show_bug.cgi?id=1413107
--------------------------------------------------------------------------------
================================================================================
golang-github-stretchr-objx-0-0.8.gitcbeaeb1.el7 (FEDORA-EPEL-2017-290425926e)
Go package for dealing with maps, slices, JSON and other data
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1250514 - Tracker for golang-github-stretchr-objx
https://bugzilla.redhat.com/show_bug.cgi?id=1250514
--------------------------------------------------------------------------------
================================================================================
golang-github-stretchr-testify-1.0-0.7.git089c718.el7 (FEDORA-EPEL-2017-5e534a6b44)
Tools for testifying that your code will behave as you intend
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1246684 - Tracker for golang-github-stretchr-testify
https://bugzilla.redhat.com/show_bug.cgi?id=1246684
--------------------------------------------------------------------------------
================================================================================
lsyncd-2.2.1-1.el7 (FEDORA-EPEL-2017-2d46983f2e)
File change monitoring and synchronization daemon
--------------------------------------------------------------------------------
Update Information:
updated to latest upstream (resolves #1383855)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1383855 - lsyncd 2.1.6 is available, fixes security vulnerability CVE-2014-8990
https://bugzilla.redhat.com/show_bug.cgi?id=1383855
[ 2 ] Bug #1369274 - lsyncd crash due to improper shell wrapping in systemd unit
https://bugzilla.redhat.com/show_bug.cgi?id=1369274
--------------------------------------------------------------------------------
================================================================================
xfce4-weather-plugin-0.8.8-2.el7 (FEDORA-EPEL-2017-e99511ecb3)
Weather plugin for the Xfce panel
--------------------------------------------------------------------------------
Update Information:
Update to 0.8.8 (new api to connect to met.no)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413200 - Xfce4-weather-plugin 0.8.6 is outdated, version 0.8.7 has been available since 2016-04-21
https://bugzilla.redhat.com/show_bug.cgi?id=1413200
--------------------------------------------------------------------------------
The following Fedora EPEL 7 Security updates need testing:
Age URL
677 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7
439 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7
158 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-23fa04bf1c redis-3.2.3-1.el7
141 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e8f4ff76b3 chicken-4.11.0-3.el7
21 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7
18 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-0fa3a954b0 borgbackup-1.0.9-1.el7
13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-bb32162e83 php-swiftmailer-5.4.5-1.el7
11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-92129d651d exim-4.88-2.el7
10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-770d2afc7d mingw-flac-1.3.2-1.el7
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-fbb2447c6e php-PHPMailer-5.2.22-1.el7
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-80cfb13391 moodle-3.2.1-1.el7
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-3d29bf8e34 php-ZendFramework2-2.4.11-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f1acebb58b wordpress-4.7.1-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6ee140a6d3 fedmsg-0.18.2-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
bodhi-2.3.3-2.el7
fedfind-3.2.5-1.el7
fedmsg-0.18.2-1.el7
golang-github-davecgh-go-spew-0-0.10.git3e6e67c.el7
golang-github-hashicorp-hcl-0-0.10.gitef8133d.el7
golang-github-magiconair-properties-1.5.3-5.el7
golang-github-mitchellh-mapstructure-0-0.13.gitca63d7c.el7
golang-github-spf13-pflag-0-0.16.gitc7e63cf.el7
golang-googlecode-go-crypto-0-0.13.git81372b2.el7
golang-googlecode-text-0-0.16.git04b8648.el7
python-fedmsg-atomic-composer-2016.3-1.el7
uwsgi-2.0.14-6.el7
Details about builds:
================================================================================
bodhi-2.3.3-2.el7 (FEDORA-EPEL-2016-cd060eeb3c)
A modular framework that facilitates publishing software updates
--------------------------------------------------------------------------------
Update Information:
Update python-fedmsg-atomic-composer to [2016.3](https://github.com/fedora-infra
/fedmsg-atomic-composer/releases/tag/2016.3) and bodhi to
[2.3.0](https://github.com/fedora-infra/bodhi/releases/tag/2.3.0). Update bodhi
to [2.3.1](https://github.com/fedora-infra/bodhi/releases/tag/2.3.1).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1389519 - bodhi-server and bodhi-client don't include the release in their Requires on python2-bodhi
https://bugzilla.redhat.com/show_bug.cgi?id=1389519
--------------------------------------------------------------------------------
================================================================================
fedfind-3.2.5-1.el7 (FEDORA-EPEL-2017-46580dcf29)
Fedora Finder finds Fedora
--------------------------------------------------------------------------------
Update Information:
This update provides a new version of fedfind with support for the new stable
nightly Docker composes (they contain only Docker base images for a couple of
arches).
--------------------------------------------------------------------------------
================================================================================
fedmsg-0.18.2-1.el7 (FEDORA-EPEL-2017-6ee140a6d3)
Tools for Fedora Infrastructure real-time messaging
--------------------------------------------------------------------------------
Update Information:
Fix validation logic in the base consumer The base consumer is intended to only
derive its validation switch from the on-disk configuration if the child class
doesn't override the validate_signatures switch. There was a bug here where the
default value provided in the base class made it appear as if *all* child
consumers had turned *off* validation, which is incorrect. This fix turns on
signature validation by default while preserving the ability of child consumers
to override the on-disk configuration in special cases. - Fixes:
CVE-2017-1000001 - Reviewed-by: Patrick Uiterwijk
--------------------------------------------------------------------------------
================================================================================
golang-github-davecgh-go-spew-0-0.10.git3e6e67c.el7 (FEDORA-EPEL-2017-67b8cdcd9e)
Deep pretty printer for Go data structures to aid in debug
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1248791 - Tracker for golang-github-davecgh-go-spew
https://bugzilla.redhat.com/show_bug.cgi?id=1248791
--------------------------------------------------------------------------------
================================================================================
golang-github-hashicorp-hcl-0-0.10.gitef8133d.el7 (FEDORA-EPEL-2017-78a5afc356)
HCL is a configuration language
--------------------------------------------------------------------------------
Update Information:
Bump to upstream ef8133da8cda503718a74741312bf50821e6de79
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1250468 - Tracker for golang-github-hashicorp-hcl
https://bugzilla.redhat.com/show_bug.cgi?id=1250468
--------------------------------------------------------------------------------
================================================================================
golang-github-magiconair-properties-1.5.3-5.el7 (FEDORA-EPEL-2017-bbfc0a6da8)
Java properties scanner for Go
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413067 - Tracker for golang-github-magiconair-properties
https://bugzilla.redhat.com/show_bug.cgi?id=1413067
--------------------------------------------------------------------------------
================================================================================
golang-github-mitchellh-mapstructure-0-0.13.gitca63d7c.el7 (FEDORA-EPEL-2017-62e17f2dc4)
Go library for decoding generic map values into native Go structures
--------------------------------------------------------------------------------
Update Information:
Bump to upstream ca63d7c062ee3c9f34db231e352b60012b4fd0c1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1243892 - Tracker for golang-github-mitchellh-mapstructure
https://bugzilla.redhat.com/show_bug.cgi?id=1243892
--------------------------------------------------------------------------------
================================================================================
golang-github-spf13-pflag-0-0.16.gitc7e63cf.el7 (FEDORA-EPEL-2017-7a60dada5c)
Replacement for Go's flag package
--------------------------------------------------------------------------------
Update Information:
Bump to upstream c7e63cf4530bcd3ba943729cee0efeff2ebea63f
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1214731 - Tracker for golang-github-spf13-pflag
https://bugzilla.redhat.com/show_bug.cgi?id=1214731
--------------------------------------------------------------------------------
================================================================================
golang-googlecode-go-crypto-0-0.13.git81372b2.el7 (FEDORA-EPEL-2017-94c4b52a1e)
Supplementary Go cryptography libraries
--------------------------------------------------------------------------------
Update Information:
Bump to upstream 81372b2fc2f10bef2a7f338da115c315a56b2726 ---- Polish the spec
file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1231618 - Tracker for golang-googlecode-go-crypto
https://bugzilla.redhat.com/show_bug.cgi?id=1231618
--------------------------------------------------------------------------------
================================================================================
golang-googlecode-text-0-0.16.git04b8648.el7 (FEDORA-EPEL-2017-510dbeda14)
Supplementary Go text libraries
--------------------------------------------------------------------------------
Update Information:
Bump to upstream 04b8648d973c126ae60143b3e1473bc1576c7597 ---- Polish the spec
file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1254601 - Tracker for golang-googlecode-text
https://bugzilla.redhat.com/show_bug.cgi?id=1254601
--------------------------------------------------------------------------------
================================================================================
python-fedmsg-atomic-composer-2016.3-1.el7 (FEDORA-EPEL-2016-cd060eeb3c)
Composes atomic trees when Fedora repositories are updated
--------------------------------------------------------------------------------
Update Information:
Update python-fedmsg-atomic-composer to [2016.3](https://github.com/fedora-infra
/fedmsg-atomic-composer/releases/tag/2016.3) and bodhi to
[2.3.0](https://github.com/fedora-infra/bodhi/releases/tag/2.3.0). Update bodhi
to [2.3.1](https://github.com/fedora-infra/bodhi/releases/tag/2.3.1).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1389519 - bodhi-server and bodhi-client don't include the release in their Requires on python2-bodhi
https://bugzilla.redhat.com/show_bug.cgi?id=1389519
--------------------------------------------------------------------------------
================================================================================
uwsgi-2.0.14-6.el7 (FEDORA-EPEL-2017-37685faf8d)
Fast, self-healing, application container server
--------------------------------------------------------------------------------
Update Information:
Adding the cheaper_busyness plugin (Jorge Gallegos)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413076 - Package uwsgi busyness ("cheaper_busyness") plugin
https://bugzilla.redhat.com/show_bug.cgi?id=1413076
--------------------------------------------------------------------------------
The following Fedora EPEL 5 Security updates need testing:
Age URL
795 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-3849 sblim-sfcb-1.3.8-2.el5
438 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-edbea40516 mcollective-2.8.4-1.el5
410 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-582c8075e6 thttpd-2.25b-24.el5
20 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ce45574ab6 libbsd-0.8.3-2.el5
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e541856e99 wordpress-4.7.1-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
prosody-0.9.12-1.el5
wordpress-4.7.1-1.el5
Details about builds:
================================================================================
prosody-0.9.12-1.el5 (FEDORA-EPEL-2017-d29ce64182)
Flexible communications server for Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:
Prosody 0.9.12 ============== A summary of changes in this release: *
Dependencies: Fix certificate verification failures when using LuaSec 0.6 (fixes
#781) * mod_s2s: Lower log message to 'warn' level, standard for remotely-
triggered protocol issues * certs/Makefile: Remove -c flag from chmod call (a
GNU extension) * Networking: Prevent writes after a handler is closed (fixes
#783)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1412102 - prosody-0.9.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1412102
--------------------------------------------------------------------------------
================================================================================
wordpress-4.7.1-1.el5 (FEDORA-EPEL-2017-e541856e99)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
**WordPress 4.7.1** Security and Maintenance Release This is a security release
for all previous versions and we strongly encourage you to update your sites
immediately. WordPress versions 4.7 and earlier are affected by eight security
issues: * Remote code execution (RCE) in PHPMailer ��� No specific issue
appears to affect WordPress or any of the major plugins we investigated but, out
of an abundance of caution, we updated PHPMailer in this release. This issue was
reported to PHPMailer by Dawid Golunski and Paul Buonopane. * The REST API
exposed user data for all users who had authored a post of a public post type.
WordPress 4.7.1 limits this to only post types which have specified that they
should be shown within the REST API. Reported by Krogsgard and Chris Jean. *
Cross-site scripting (XSS) via the plugin name or version header on update-
core.php. Reported by Dominik Schilling of the WordPress Security Team. *
Cross-site request forgery (CSRF) bypass via uploading a Flash file. Reported by
Abdullah Hussam. * Cross-site scripting (XSS) via theme name fallback.
Reported by Mehmet Ince. * Post via email checks mail.example.com if default
settings aren���t changed. Reported by John Blackbourn of the WordPress Security
Team. * A cross-site request forgery (CSRF) was discovered in the
accessibility mode of widget editing. Reported by Ronnie Skansing. * Weak
cryptographic security for multisite activation key. Reported by Jack. Thank
you to the reporters for practicing responsible disclosure. In addition to the
security issues above, WordPress 4.7.1 fixes 62 bugs from 4.7. For more
information, see the [release notes](https://codex.wordpress.org/Version_4.7.1)
or consult the [list of
changes](https://core.trac.wordpress.org/query?milestone=4.7.1).
--------------------------------------------------------------------------------
The following Fedora EPEL 7 Security updates need testing:
Age URL
676 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7
438 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7
157 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-23fa04bf1c redis-3.2.3-1.el7
140 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e8f4ff76b3 chicken-4.11.0-3.el7
20 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7
17 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-0fa3a954b0 borgbackup-1.0.9-1.el7
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-bb32162e83 php-swiftmailer-5.4.5-1.el7
10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-92129d651d exim-4.88-2.el7
9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-770d2afc7d mingw-flac-1.3.2-1.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-fbb2447c6e php-PHPMailer-5.2.22-1.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-80cfb13391 moodle-3.2.1-1.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-3d29bf8e34 php-ZendFramework2-2.4.11-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f1acebb58b wordpress-4.7.1-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
RBTools-0.7.8-1.el7.1
drupal7-honeypot-1.22-1.el7
flr-0.0.1-1.el7
golang-github-go-ini-ini-1.21.1-0.1.git6e4869b.el7
golang-github-hashicorp-errwrap-0-0.5.git7554cd9.el7
golang-github-hashicorp-go-multierror-0-0.9.gitd30f099.el7
golang-github-jtolds-gls-0-0.7.git9a4a02d.el7
golang-github-smartystreets-assertions-1.6.0-0.3.git287b434.el7
golang-github-smartystreets-goconvey-1.6.1-0.3.gitbf58a9a.el7
hitch-1.4.4-2.el7
mongodb-2.6.12-4.el7
pcre2-10.21-12.el7
perl-Net-UPnP-1.4.3-5.el7
perl-PHP-Serialization-0.34-16.el7
php-pdepend-PHP-Depend-2.4.1-1.el7
plplot-5.10.0-10.el7
prosody-0.9.12-1.el7
python-argcomplete-1.7.0-1.el7
python-cvss-1.7-1.el7
python-plumbum-1.6.0-5.el7
qpdfview-0.4.16-3.el7
webalizer-2.23_08-6.el7
wordpress-4.7.1-1.el7
youtube-dl-2017.01.10-1.el7
Details about builds:
================================================================================
RBTools-0.7.8-1.el7.1 (FEDORA-EPEL-2017-543894053e)
Tools for use with ReviewBoard
--------------------------------------------------------------------------------
Update Information:
https://www.reviewboard.org/docs/releasenotes/rbtools/0.7.8/
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1409935 - [abrt] RBTools: __init__.py:829:resolve:DistributionNotFound: The 'tqdm' distribution was not found and is required by RBTools
https://bugzilla.redhat.com/show_bug.cgi?id=1409935
--------------------------------------------------------------------------------
================================================================================
drupal7-honeypot-1.22-1.el7 (FEDORA-EPEL-2017-5ff4608619)
Mitigates spam form submissions using the honeypot method
--------------------------------------------------------------------------------
Update Information:
Honeypot uses both the honeypot and timestamp methods of deterring spam bots
from completing forms on your Drupal site (read more here). These methods are
effective against many spam bots, and are not as intrusive as CAPTCHAs or other
methods which punish the user [YouTube]. The module currently supports enabling
for all forms on the site, or particular forms like user registration or
password reset forms, webforms, contact forms, node forms, and comment forms.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1100973 - Review Request: drupal7-honeypot - Honeypot uses both the honeypot and timestamp methods of deterring spam bots
https://bugzilla.redhat.com/show_bug.cgi?id=1100973
--------------------------------------------------------------------------------
================================================================================
flr-0.0.1-1.el7 (FEDORA-EPEL-2017-60de8b663b)
Fedora Releng python libraries and command line tools
--------------------------------------------------------------------------------
Update Information:
First release of flr for Fedora.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1411502 - Review Request: flr - Fedora RelEng python libraries and command line tools
https://bugzilla.redhat.com/show_bug.cgi?id=1411502
--------------------------------------------------------------------------------
================================================================================
golang-github-go-ini-ini-1.21.1-0.1.git6e4869b.el7 (FEDORA-EPEL-2017-7dace4bddf)
Package ini provides INI file read and write functionality in Go
--------------------------------------------------------------------------------
Update Information:
Bump to upstream 6e4869b434bd001f6983749881c7ead3545887d8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1412590 - Tracker for golang-github-go-ini-ini
https://bugzilla.redhat.com/show_bug.cgi?id=1412590
--------------------------------------------------------------------------------
================================================================================
golang-github-hashicorp-errwrap-0-0.5.git7554cd9.el7 (FEDORA-EPEL-2017-8af304255b)
Errwrap is a Go (golang) library for wrapping and querying errors
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1412620 - Tracker for golang-github-hashicorp-errwrap
https://bugzilla.redhat.com/show_bug.cgi?id=1412620
--------------------------------------------------------------------------------
================================================================================
golang-github-hashicorp-go-multierror-0-0.9.gitd30f099.el7 (FEDORA-EPEL-2017-d1479a5265)
Package for representing a list of errors as a single error
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1250466 - Tracker for golang-github-hashicorp-go-multierror
https://bugzilla.redhat.com/show_bug.cgi?id=1250466
--------------------------------------------------------------------------------
================================================================================
golang-github-jtolds-gls-0-0.7.git9a4a02d.el7 (FEDORA-EPEL-2017-f885c95e0c)
Goroutine local storage
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1250490 - Tracker for golang-github-jtolds-gls
https://bugzilla.redhat.com/show_bug.cgi?id=1250490
--------------------------------------------------------------------------------
================================================================================
golang-github-smartystreets-assertions-1.6.0-0.3.git287b434.el7 (FEDORA-EPEL-2017-02038a0609)
Fluent assertion-style functions
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1250509 - Tracker for golang-github-smartystreets-assertions
https://bugzilla.redhat.com/show_bug.cgi?id=1250509
--------------------------------------------------------------------------------
================================================================================
golang-github-smartystreets-goconvey-1.6.1-0.3.gitbf58a9a.el7 (FEDORA-EPEL-2017-789eeeb6ad)
Behavioral testing in the browser, integrates with go test
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1250511 - Tracker for golang-github-smartystreets-goconvey
https://bugzilla.redhat.com/show_bug.cgi?id=1250511
--------------------------------------------------------------------------------
================================================================================
hitch-1.4.4-2.el7 (FEDORA-EPEL-2017-9ca0efb2d7)
Network proxy that terminates TLS/SSL connections
--------------------------------------------------------------------------------
Update Information:
New upstream release. A bugfix and comptibility release. From the upstream
changelog: * OpenSSL 1.1.0 compatibility fixes. OpenSSL 1.1.0 is now fully
supported with Hitch. * Fix a bug in the OCSP refresh code that could make it
loop with immediate refreshes flooding an OCSP responder. * Force the
SSL_OP_SINGLE_DH_USE setting. This protects against an OpenSSL vulnerability
where a remote attacker could discover private DH exponents (CVE-2016-0701).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1405948 - OSCP stapling not working by default
https://bugzilla.redhat.com/show_bug.cgi?id=1405948
--------------------------------------------------------------------------------
================================================================================
mongodb-2.6.12-4.el7 (FEDORA-EPEL-2017-5805758e8b)
High-performance, schema-free document-oriented database
--------------------------------------------------------------------------------
Update Information:
Fix logrotate configuration file - to avoid creating 0-length files.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1410238 - logrotate creates unwanted 0-length files
https://bugzilla.redhat.com/show_bug.cgi?id=1410238
--------------------------------------------------------------------------------
================================================================================
pcre2-10.21-12.el7 (FEDORA-EPEL-2017-389e9670e5)
Perl-compatible regular expression library
--------------------------------------------------------------------------------
Update Information:
This release fixes compiling a class with Unicode properties and without UTF
mode. It also fixes an ouf-of-bound read in pcre2test tool within POSIX mode.
--------------------------------------------------------------------------------
================================================================================
perl-Net-UPnP-1.4.3-5.el7 (FEDORA-EPEL-2017-1cff194ad3)
Perl extension for UPnP
--------------------------------------------------------------------------------
Update Information:
Initial EPEL 7 build.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1123233 - Please Branch perl-Net-UPnP for EPEL7
https://bugzilla.redhat.com/show_bug.cgi?id=1123233
--------------------------------------------------------------------------------
================================================================================
perl-PHP-Serialization-0.34-16.el7 (FEDORA-EPEL-2017-659b0463f7)
Converts between PHP's serialize() output and the equivalent Perl structure
--------------------------------------------------------------------------------
Update Information:
Perl 5.24 rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1412422 - Plans for EPEL 6 & 7
https://bugzilla.redhat.com/show_bug.cgi?id=1412422
--------------------------------------------------------------------------------
================================================================================
php-pdepend-PHP-Depend-2.4.1-1.el7 (FEDORA-EPEL-2017-fef0adb8c8)
PHP_Depend design quality metrics for PHP package
--------------------------------------------------------------------------------
Update Information:
**pdepend-2.4.1** (2017/01/11) This release closes a bug within PDepend's
parser when keywords are used as method or constant names in PHP 7.0 - Fixes
an issue with methods or constants with keyword identifiers called/accessed
in PHP 7. ---- **pdepend-2.4.0** (2017/01/10) This release implements
language features like Anonymous Classes, Group use Declarations, Uniform
Variable Syntax or Loosening Reserved Word Restrictions that were introduced
with PHP 7.0, so that PDepend 2.4 is now PHP 7.0 compatible. - Fixed #281: PHP
7 - Anonymous Class - Internal parser state issues - Fixed #285: Parse the
magic constant __TRAIT__ - Fixed #210: Partial Class Namespace is Calculated
Twice: in Global and it's Own Namespace - Implemented #280: Refactor
SymbolTable - Implemented #282: PHP 7 - Group use declarations - Implemented
#269: Unexpected token: :: (implicit object / method usage) - Implemented
#204: Support for the ... operator in function calls - Implemented #290:
Unexpected token: ARRAY (reserved keyword as a class constant)
--------------------------------------------------------------------------------
================================================================================
plplot-5.10.0-10.el7 (FEDORA-EPEL-2017-a81965d35f)
Library of functions for making scientific plots
--------------------------------------------------------------------------------
Update Information:
Re-enable octave
--------------------------------------------------------------------------------
================================================================================
prosody-0.9.12-1.el7 (FEDORA-EPEL-2017-2553435184)
Flexible communications server for Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:
Prosody 0.9.12 ============== A summary of changes in this release: *
Dependencies: Fix certificate verification failures when using LuaSec 0.6 (fixes
#781) * mod_s2s: Lower log message to 'warn' level, standard for remotely-
triggered protocol issues * certs/Makefile: Remove -c flag from chmod call (a
GNU extension) * Networking: Prevent writes after a handler is closed (fixes
#783)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1412102 - prosody-0.9.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1412102
--------------------------------------------------------------------------------
================================================================================
python-argcomplete-1.7.0-1.el7 (FEDORA-EPEL-2017-fa94f36800)
Bash tab completion for argparse
--------------------------------------------------------------------------------
Update Information:
From 0.8.8 -> 1.7.0
https://github.com/kislyuk/argcomplete/blob/master/Changes.rst
--------------------------------------------------------------------------------
================================================================================
python-cvss-1.7-1.el7 (FEDORA-EPEL-2017-8bbbb95318)
CVSS2/3 library with interactive calculator
--------------------------------------------------------------------------------
Update Information:
- New release v1.7 - Fixes regression introduced in v1.5. Interactive calculator
failed for CVSS3 as it did not provide mandatory prefix. ---- - New release
v1.6. - Fix to ensure cvss2 score is never negative.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1402174 - python-cvss-v1.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1402174
[ 2 ] Bug #1412158 - python-cvss-v1.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1412158
--------------------------------------------------------------------------------
================================================================================
python-plumbum-1.6.0-5.el7 (FEDORA-EPEL-2017-2b9e829660)
Shell combinators library
--------------------------------------------------------------------------------
Update Information:
Disabled Python 3 build for EPEL
--------------------------------------------------------------------------------
================================================================================
qpdfview-0.4.16-3.el7 (FEDORA-EPEL-2017-e0e1580755)
Tabbed PDF Viewer
--------------------------------------------------------------------------------
Update Information:
First EPEL7 build
--------------------------------------------------------------------------------
================================================================================
webalizer-2.23_08-6.el7 (FEDORA-EPEL-2017-4e19a89878)
A flexible Web server log file analysis program
--------------------------------------------------------------------------------
Update Information:
Add patch to fix some undefined behaviour by switching to memmove() (#1409349)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1409349 - webalizer damages webalizer.hist
https://bugzilla.redhat.com/show_bug.cgi?id=1409349
--------------------------------------------------------------------------------
================================================================================
wordpress-4.7.1-1.el7 (FEDORA-EPEL-2017-f1acebb58b)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
**WordPress 4.7.1** Security and Maintenance Release This is a security release
for all previous versions and we strongly encourage you to update your sites
immediately. WordPress versions 4.7 and earlier are affected by eight security
issues: * Remote code execution (RCE) in PHPMailer ��� No specific issue
appears to affect WordPress or any of the major plugins we investigated but, out
of an abundance of caution, we updated PHPMailer in this release. This issue was
reported to PHPMailer by Dawid Golunski and Paul Buonopane. * The REST API
exposed user data for all users who had authored a post of a public post type.
WordPress 4.7.1 limits this to only post types which have specified that they
should be shown within the REST API. Reported by Krogsgard and Chris Jean. *
Cross-site scripting (XSS) via the plugin name or version header on update-
core.php. Reported by Dominik Schilling of the WordPress Security Team. *
Cross-site request forgery (CSRF) bypass via uploading a Flash file. Reported by
Abdullah Hussam. * Cross-site scripting (XSS) via theme name fallback.
Reported by Mehmet Ince. * Post via email checks mail.example.com if default
settings aren���t changed. Reported by John Blackbourn of the WordPress Security
Team. * A cross-site request forgery (CSRF) was discovered in the
accessibility mode of widget editing. Reported by Ronnie Skansing. * Weak
cryptographic security for multisite activation key. Reported by Jack. Thank
you to the reporters for practicing responsible disclosure. In addition to the
security issues above, WordPress 4.7.1 fixes 62 bugs from 4.7. For more
information, see the [release notes](https://codex.wordpress.org/Version_4.7.1)
or consult the [list of
changes](https://core.trac.wordpress.org/query?milestone=4.7.1).
--------------------------------------------------------------------------------
================================================================================
youtube-dl-2017.01.10-1.el7 (FEDORA-EPEL-2017-bd8b161195)
A small command-line program to download online videos
--------------------------------------------------------------------------------
Update Information:
Update to new release to fix youtube support ---- New upstream release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1412668 - youtube-dl: ERROR: Signature extraction failed
https://bugzilla.redhat.com/show_bug.cgi?id=1412668
[ 2 ] Bug #1409343 - youtube-dl-2017.01.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1409343
[ 3 ] Bug #1403632 - youtube-dl-2016.12.22 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1403632
--------------------------------------------------------------------------------
The following Fedora EPEL 6 Security updates need testing:
Age URL
554 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031 python-virtualenv-12.0.7-1.el6
548 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168 rubygem-crack-0.3.2-2.el6
480 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8156 nagios-4.0.8-1.el6
438 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb mcollective-2.8.4-1.el6
410 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9 thttpd-2.25b-24.el6
140 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-8594ed3a53 chicken-4.11.0-3.el6
20 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac libbsd-0.8.3-2.el6
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-62450e4e38 libpng10-1.0.67-1.el6
10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-284a1cc356 exim-4.88-1.el6
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8c6c7bf06e dbus-sharp-0.7.0-16.el6 dbus-sharp-glib-0.5.0-14.el6 mono-4.2.4-9.el6
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7d479b3940 php-PHPMailer-5.2.22-1.el6
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-50bd111169 icoutils-0.31.1-1.el6
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4e597458f1 php-ZendFramework2-2.2.10-3.el6
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c29445aed4 gnutls30-3.5.8-1.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-418df7d00a wordpress-4.7.1-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
drupal7-honeypot-1.22-1.el6
golang-github-go-ini-ini-1.21.1-0.1.git6e4869b.el6
golang-github-hashicorp-errwrap-0-0.5.git7554cd9.el6
golang-github-hashicorp-go-multierror-0-0.9.gitd30f099.el6
golang-github-jtolds-gls-0-0.7.git9a4a02d.el6
golang-github-smartystreets-assertions-1.6.0-0.3.git287b434.el6
golang-github-smartystreets-goconvey-1.6.1-0.3.gitbf58a9a.el6
hitch-1.4.4-2.el6
pcre2-10.21-12.el6
perl-PHP-Serialization-0.34-16.el6
prosody-0.9.12-1.el6
python-cvss-1.7-1.el6
wordpress-4.7.1-1.el6
Details about builds:
================================================================================
drupal7-honeypot-1.22-1.el6 (FEDORA-EPEL-2017-02467410ea)
Mitigates spam form submissions using the honeypot method
--------------------------------------------------------------------------------
Update Information:
Honeypot uses both the honeypot and timestamp methods of deterring spam bots
from completing forms on your Drupal site (read more here). These methods are
effective against many spam bots, and are not as intrusive as CAPTCHAs or other
methods which punish the user [YouTube]. The module currently supports enabling
for all forms on the site, or particular forms like user registration or
password reset forms, webforms, contact forms, node forms, and comment forms.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1100973 - Review Request: drupal7-honeypot - Honeypot uses both the honeypot and timestamp methods of deterring spam bots
https://bugzilla.redhat.com/show_bug.cgi?id=1100973
--------------------------------------------------------------------------------
================================================================================
golang-github-go-ini-ini-1.21.1-0.1.git6e4869b.el6 (FEDORA-EPEL-2017-e3e7e68a5b)
Package ini provides INI file read and write functionality in Go
--------------------------------------------------------------------------------
Update Information:
Bump to upstream 6e4869b434bd001f6983749881c7ead3545887d8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1412590 - Tracker for golang-github-go-ini-ini
https://bugzilla.redhat.com/show_bug.cgi?id=1412590
--------------------------------------------------------------------------------
================================================================================
golang-github-hashicorp-errwrap-0-0.5.git7554cd9.el6 (FEDORA-EPEL-2017-d3104cf125)
Errwrap is a Go (golang) library for wrapping and querying errors
--------------------------------------------------------------------------------
Update Information:
Polish the spec file ---- First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1412620 - Tracker for golang-github-hashicorp-errwrap
https://bugzilla.redhat.com/show_bug.cgi?id=1412620
--------------------------------------------------------------------------------
================================================================================
golang-github-hashicorp-go-multierror-0-0.9.gitd30f099.el6 (FEDORA-EPEL-2017-630f157dc3)
Package for representing a list of errors as a single error
--------------------------------------------------------------------------------
Update Information:
Polish the spec file ---- Update spec file to spec-2.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1250466 - Tracker for golang-github-hashicorp-go-multierror
https://bugzilla.redhat.com/show_bug.cgi?id=1250466
--------------------------------------------------------------------------------
================================================================================
golang-github-jtolds-gls-0-0.7.git9a4a02d.el6 (FEDORA-EPEL-2017-17002f1a08)
Goroutine local storage
--------------------------------------------------------------------------------
Update Information:
Polish the spec file ---- Update spec file to spec-2.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1250490 - Tracker for golang-github-jtolds-gls
https://bugzilla.redhat.com/show_bug.cgi?id=1250490
--------------------------------------------------------------------------------
================================================================================
golang-github-smartystreets-assertions-1.6.0-0.3.git287b434.el6 (FEDORA-EPEL-2017-95e40200ee)
Fluent assertion-style functions
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1250509 - Tracker for golang-github-smartystreets-assertions
https://bugzilla.redhat.com/show_bug.cgi?id=1250509
--------------------------------------------------------------------------------
================================================================================
golang-github-smartystreets-goconvey-1.6.1-0.3.gitbf58a9a.el6 (FEDORA-EPEL-2017-874610b6b6)
Behavioral testing in the browser, integrates with go test
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1250511 - Tracker for golang-github-smartystreets-goconvey
https://bugzilla.redhat.com/show_bug.cgi?id=1250511
--------------------------------------------------------------------------------
================================================================================
hitch-1.4.4-2.el6 (FEDORA-EPEL-2017-df71990a9f)
Network proxy that terminates TLS/SSL connections
--------------------------------------------------------------------------------
Update Information:
New upstream release. A bugfix and comptibility release. From the upstream
changelog: * OpenSSL 1.1.0 compatibility fixes. OpenSSL 1.1.0 is now fully
supported with Hitch. * Fix a bug in the OCSP refresh code that could make it
loop with immediate refreshes flooding an OCSP responder. * Force the
SSL_OP_SINGLE_DH_USE setting. This protects against an OpenSSL vulnerability
where a remote attacker could discover private DH exponents (CVE-2016-0701).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1405948 - OSCP stapling not working by default
https://bugzilla.redhat.com/show_bug.cgi?id=1405948
--------------------------------------------------------------------------------
================================================================================
pcre2-10.21-12.el6 (FEDORA-EPEL-2017-7f94ea5689)
Perl-compatible regular expression library
--------------------------------------------------------------------------------
Update Information:
This release fixes compiling a class with Unicode properties and without UTF
mode. It also fixes an ouf-of-bound read in pcre2test tool within POSIX mode.
--------------------------------------------------------------------------------
================================================================================
perl-PHP-Serialization-0.34-16.el6 (FEDORA-EPEL-2017-4c960a85be)
Converts between PHP's serialize() output and the equivalent Perl structure
--------------------------------------------------------------------------------
Update Information:
Perl 5.24 rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1412422 - Plans for EPEL 6 & 7
https://bugzilla.redhat.com/show_bug.cgi?id=1412422
--------------------------------------------------------------------------------
================================================================================
prosody-0.9.12-1.el6 (FEDORA-EPEL-2017-bcb85bf2f8)
Flexible communications server for Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:
Prosody 0.9.12 ============== A summary of changes in this release: *
Dependencies: Fix certificate verification failures when using LuaSec 0.6 (fixes
#781) * mod_s2s: Lower log message to 'warn' level, standard for remotely-
triggered protocol issues * certs/Makefile: Remove -c flag from chmod call (a
GNU extension) * Networking: Prevent writes after a handler is closed (fixes
#783)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1412102 - prosody-0.9.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1412102
--------------------------------------------------------------------------------
================================================================================
python-cvss-1.7-1.el6 (FEDORA-EPEL-2017-d2c6c8a4e6)
CVSS2/3 library with interactive calculator
--------------------------------------------------------------------------------
Update Information:
- New release v1.7 - Fixes regression introduced in v1.5. Interactive calculator
failed for CVSS3 as it did not provide mandatory prefix. ---- - New release
v1.6. - Fix to ensure cvss2 score is never negative.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1402174 - python-cvss-v1.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1402174
[ 2 ] Bug #1412158 - python-cvss-v1.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1412158
--------------------------------------------------------------------------------
================================================================================
wordpress-4.7.1-1.el6 (FEDORA-EPEL-2017-418df7d00a)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
**WordPress 4.7.1** Security and Maintenance Release This is a security release
for all previous versions and we strongly encourage you to update your sites
immediately. WordPress versions 4.7 and earlier are affected by eight security
issues: * Remote code execution (RCE) in PHPMailer ��� No specific issue
appears to affect WordPress or any of the major plugins we investigated but, out
of an abundance of caution, we updated PHPMailer in this release. This issue was
reported to PHPMailer by Dawid Golunski and Paul Buonopane. * The REST API
exposed user data for all users who had authored a post of a public post type.
WordPress 4.7.1 limits this to only post types which have specified that they
should be shown within the REST API. Reported by Krogsgard and Chris Jean. *
Cross-site scripting (XSS) via the plugin name or version header on update-
core.php. Reported by Dominik Schilling of the WordPress Security Team. *
Cross-site request forgery (CSRF) bypass via uploading a Flash file. Reported by
Abdullah Hussam. * Cross-site scripting (XSS) via theme name fallback.
Reported by Mehmet Ince. * Post via email checks mail.example.com if default
settings aren���t changed. Reported by John Blackbourn of the WordPress Security
Team. * A cross-site request forgery (CSRF) was discovered in the
accessibility mode of widget editing. Reported by Ronnie Skansing. * Weak
cryptographic security for multisite activation key. Reported by Jack. Thank
you to the reporters for practicing responsible disclosure. In addition to the
security issues above, WordPress 4.7.1 fixes 62 bugs from 4.7. For more
information, see the [release notes](https://codex.wordpress.org/Version_4.7.1)
or consult the [list of
changes](https://core.trac.wordpress.org/query?milestone=4.7.1).
--------------------------------------------------------------------------------