The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 419  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087         dokuwiki-0-0.24.20140929c.el7
 181  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f   mcollective-2.8.4-1.el7
  48  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-785fc9a2ea   dropbear-2016.72-1.el7
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-56e02a47c7   ansible-2.0.2.0-1.el7
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d398cc4c6c   roundcubemail-1.1.5-1.el7
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-017aadcc97   php-getid3-1.9.12-1.el7
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-aad55a428b   w3m-0.5.3-20.el7
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-c731bc5ec0   cacti-0.8.8g-1.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-af216d3233   ansible1.9-1.9.6-2.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-2a74e47381   pgpdump-0.30-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-4f1d69369e   openvas-cli-1.4.4-1.el7 openvas-gsa-6.0.10-3.el7 openvas-libraries-8.0.7-2.el7 openvas-manager-6.0.8-2.el7 openvas-scanner-5.0.5-3.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
389-ds-1.2.2-6.el7
composer-1.0.3-1.el7
gimpfx-foundry-2.6.1-5.el7
openvas-cli-1.4.4-1.el7
openvas-gsa-6.0.10-3.el7
openvas-libraries-8.0.7-2.el7
openvas-manager-6.0.8-2.el7
openvas-scanner-5.0.5-3.el7
re2-20160401-2.el7
Details about builds:
================================================================================
389-ds-1.2.2-6.el7 (FEDORA-EPEL-2016-db6741b498)
389 Directory, Administration, and Console Suite
--------------------------------------------------------------------------------
Update Information:
Rebuilt for epel7
--------------------------------------------------------------------------------
================================================================================
composer-1.0.3-1.el7 (FEDORA-EPEL-2016-ee5a85b9be)
Dependency Manager for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 1.0.3** - 2016-04-29
* Security: Fixed possible command injection from the env vars into our sudo detection
* Fixed interactive authentication with gitlab
* Fixed class name replacement in plugins
* Fixed classmap generation mistakenly detecting anonymous classes
* Fixed auto-detection of stability flags in complex constraints like `2.0-dev || ^1.5`
* Fixed content-length handling when redirecting to very small responses
----
**Version 1.0.2**
* Fixed regression in 1.0.1 on systems with mbstring.func_overload enabled
* Fixed regression in 1.0.1 that made dev packages update to the latest reference even if not whitelisted in a partial update
* Fixed init command ignoring the COMPOSER env var for choosing the json file name
* Fixed error reporting bug when the dependency resolution fails
* Fixed handling of $ sign in composer config command in some cases it could corrupt the json file
----
**Version 1.0.1**
* Fixed URL updating when a package's URL changes, composer.lock now contains the right URL including correct reference
* Fixed URL updating of the origin git remote as well for packages installed as git clone
* Fixed binary .bat files generated from linux being incompatible with windows cmd
* Fixed handling of paths with trailing slashes in path repository
* Fixed create-project not using platform config when selecting a package
* Fixed self-update not showing the channel it uses to perform the update
* Fixed file downloads not failing loudly when the content does not match the Content-Length header
* Fixed secure-http detecting some malformed URLs as insecure
* Updated CA bundle Notice system CA is always preferred, bundled copy is only used as a last chance fallback.
----
**Version 1.0.0**
* Added support for bitbucket-oauth configuration
* Added warning when running composer as super user, set COMPOSER_ALLOW_SUPERUSER=1 to hide the warning if you really must
* Added PluginManager::getGlobalComposer getter to retrieve the global instance (which can be null!)
* Fixed dependency solver error reporting in many cases it now shows you proper errors instead of just saying a package does not exist
* Fixed output of failed downloads appearing as 100% done instead of Failed
* Fixed handling of empty directories when archiving, they are not skipped anymore
* Fixed installation of broken plugins corrupting the vendor state when combined with symlinked path repositories
----
**Version 1.0.0-beta2**
* Break: The install command now turns into an update command automatically if you have no composer.lock. This was done only half-way before which caused inconsistencies
* Break: By default the remove command now removes dependencies as well, and --update-with-dependencies is deprecated. Use --no-update-with-dependencies to get old behavior
* Added support for SSL_CERT_DIR env var and openssl.capath ini value
* Added some conflict detection in why-not command
* Added suggestion of root package's suggests in create-project command
* Fixed create-project ignoring --ignore-platform-reqs when choosing a version of the package
* Fixed search command in a directory without composer.json
* Fixed path repository handling of symlinks on windows
* Fixed PEAR repo handling to prefer HTTPS mirrors over HTTP ones
* Fixed handling of Path env var on Windows, only PATH was accepted before
* Small error reporting and docs improvements
--------------------------------------------------------------------------------
================================================================================
gimpfx-foundry-2.6.1-5.el7 (FEDORA-EPEL-2016-6103c4ed2e)
Additional GIMP plugins
--------------------------------------------------------------------------------
Update Information:
gimpfx-foundry plugin for GIMP returns in the repository
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1327929 - Review Request: gimpfx-foundry - Additional plugins for GIMP
https://bugzilla.redhat.com/show_bug.cgi?id=1327929
--------------------------------------------------------------------------------
================================================================================
openvas-cli-1.4.4-1.el7 (FEDORA-EPEL-2016-4f1d69369e)
Command-line tool to drive OpenVAS Manager
--------------------------------------------------------------------------------
Update Information:
Bump to latest upstream bugfix releases. Security fix for CVE-2016-1926
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1300683 - CVE-2016-1926 openvas-gsa: XSS vulnerability due to improper
handling of the parameters of get_aggregate command
https://bugzilla.redhat.com/show_bug.cgi?id=1300683
--------------------------------------------------------------------------------
================================================================================
openvas-gsa-6.0.10-3.el7 (FEDORA-EPEL-2016-4f1d69369e)
Greenbone Security Assistant (GSA) is GUI to the OpenVAS
--------------------------------------------------------------------------------
Update Information:
Bump to latest upstream bugfix releases. Security fix for CVE-2016-1926
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1300683 - CVE-2016-1926 openvas-gsa: XSS vulnerability due to improper
handling of the parameters of get_aggregate command
https://bugzilla.redhat.com/show_bug.cgi?id=1300683
--------------------------------------------------------------------------------
================================================================================
openvas-libraries-8.0.7-2.el7 (FEDORA-EPEL-2016-4f1d69369e)
Support libraries for Open Vulnerability Assessment (OpenVAS) Scanner
--------------------------------------------------------------------------------
Update Information:
Bump to latest upstream bugfix releases. Security fix for CVE-2016-1926
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1300683 - CVE-2016-1926 openvas-gsa: XSS vulnerability due to improper
handling of the parameters of get_aggregate command
https://bugzilla.redhat.com/show_bug.cgi?id=1300683
--------------------------------------------------------------------------------
================================================================================
openvas-manager-6.0.8-2.el7 (FEDORA-EPEL-2016-4f1d69369e)
Manager Module for the Open Vulnerability Assessment System (OpenVAS)
--------------------------------------------------------------------------------
Update Information:
Bump to latest upstream bugfix releases. Security fix for CVE-2016-1926
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1300683 - CVE-2016-1926 openvas-gsa: XSS vulnerability due to improper
handling of the parameters of get_aggregate command
https://bugzilla.redhat.com/show_bug.cgi?id=1300683
--------------------------------------------------------------------------------
================================================================================
openvas-scanner-5.0.5-3.el7 (FEDORA-EPEL-2016-4f1d69369e)
Open Vulnerability Assessment (OpenVAS) Scanner
--------------------------------------------------------------------------------
Update Information:
Bump to latest upstream bugfix releases. Security fix for CVE-2016-1926
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1300683 - CVE-2016-1926 openvas-gsa: XSS vulnerability due to improper
handling of the parameters of get_aggregate command
https://bugzilla.redhat.com/show_bug.cgi?id=1300683
--------------------------------------------------------------------------------
================================================================================
re2-20160401-2.el7 (FEDORA-EPEL-2016-d8f84c6912)
C++ fast alternative to backtracking RE engines
--------------------------------------------------------------------------------
Update Information:
Update to 20160401, primarily for chromium.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1307988 - re2: FTBFS in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1307988
--------------------------------------------------------------------------------