The following Fedora EPEL 7 Security updates need testing:
Age URL
649
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
411
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
129
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-23fa04bf1c
redis-3.2.3-1.el7
113
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e8f4ff76b3
chicken-4.11.0-3.el7
56
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ee3cc4d1b6
compat-guile18-1.8.8-14.el7
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-fd41ef0987
php-simplesamlphp-saml2-2.3.3-1.el7 php-simplesamlphp-saml2_1-1.10.3-1.el7
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-967040283d
lxc-1.0.9-1.el7
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-090cbd0a83
botan-1.10.14-3.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-73b4fc1c78
chromium-55.0.2883.87-1.el7.1
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d21e337184
hdf5-1.8.12-8.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-0899019edf
game-music-emu-0.6.1-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
Agda-2.3.2.2-5.el7
fedpkg-1.26-4.el7
game-music-emu-0.6.1-1.el7
golang-github-golang-appengine-0-0.9.git6a43653.el7
golang-github-grpc-grpc-go-1.0.0-0.2.git231b4cf.el7
golang-google-golangorg-cloud-0-0.10.git872c736.el7
golang-googlecode-goauth2-0-0.18.git1364adb.el7
golang-googlecode-google-api-client-0-0.16.gite6294e6.el7
hdf5-1.8.12-8.el7
nordugrid-arc-5.2.1-1.el7
pcre2-10.21-11.el7
php-bartlett-PHP-CompatInfo-5.0.2-1.el7
php-bartlett-php-compatinfo-db-1.16.0-1.el7
php-horde-Horde-Dav-1.1.4-1.el7
rpkg-1.47-6.el7
Details about builds:
================================================================================
Agda-2.3.2.2-5.el7 (FEDORA-EPEL-2016-bac57460bf)
A dependently typed functional programming language and proof assistant
--------------------------------------------------------------------------------
Update Information:
Part of Haskell package rebuilds
--------------------------------------------------------------------------------
================================================================================
fedpkg-1.26-4.el7 (FEDORA-EPEL-2016-14415f0f51)
Fedora utility for working with dist-git
--------------------------------------------------------------------------------
Update Information:
This build contains changes needed for flag day on December 12. - Once you use
this version to upload new sources, older versions of `fedpkg` will not be able
to work with the package. - pkgs and lookaside site URL are changed. The new
URL uses ``https``. You can see the new URls with ``-d`` and ``-v`` when
``clone`` and ``sources``. Changelog - rpkg,
https://pagure.io/rpkg/blob/master/f/CHANGELOG.rst - fedpkg,
https://pagure.io/fedpkg/blob/master/f/CHANGELOG.rst Additional issue fixed in
fedpkg-1.26-4, - [#87](https://pagure.io/fedpkg/issue/87) - fedpkg is
incompatible with bodhi 2.x
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #714726 - change --root option to --mock-config to fedpkg mockbuild
https://bugzilla.redhat.com/show_bug.cgi?id=714726
[ 2 ] Bug #841516 - fedpkg scratch-build error message should be improved to tell you
how to do a scratch build without pushing
https://bugzilla.redhat.com/show_bug.cgi?id=841516
[ 3 ] Bug #1325775 - Working on branch without remote tracking branch fails due to
unpushed changes
https://bugzilla.redhat.com/show_bug.cgi?id=1325775
[ 4 ] Bug #1203757 - The description of fedpkg verify-files in the man page and help
text is misleading
https://bugzilla.redhat.com/show_bug.cgi?id=1203757
[ 5 ] Bug #1169663 - Build stops with "Could not execute scratch_build: There are
unpushed changes in your repo" when there are no unpushed changes in the current
branch
https://bugzilla.redhat.com/show_bug.cgi?id=1169663
[ 6 ] Bug #1402882 - fedpkg local fails
https://bugzilla.redhat.com/show_bug.cgi?id=1402882
[ 7 ] Bug #1404724 - ���fedpkg update��� fails when the last git log message contains
non-ASCII.
https://bugzilla.redhat.com/show_bug.cgi?id=1404724
[ 8 ] Bug #1241059 - Could not execute new_sources: unsupported second type in tuple
https://bugzilla.redhat.com/show_bug.cgi?id=1241059
[ 9 ] Bug #1404102 - __init__.py:237 (login_koji_session): AttributeError:
'module' object has no attribute 'ssl'
https://bugzilla.redhat.com/show_bug.cgi?id=1404102
--------------------------------------------------------------------------------
================================================================================
game-music-emu-0.6.1-1.el7 (FEDORA-EPEL-2016-0899019edf)
Video game music file emulation/playback library
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960,
CVE-2016-9961
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1405425 - CVE-2016-9957 CVE-2016-9958 CVE-2016-9959 CVE-2016-9960
CVE-2016-9961 game-music-emu: Multiple issues due to incorrect emulation of the SPC700
audio co-processor of SNES [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1405425
--------------------------------------------------------------------------------
================================================================================
golang-github-golang-appengine-0-0.9.git6a43653.el7 (FEDORA-EPEL-2016-dabdaea42c)
Go App Engine for Managed VMs
--------------------------------------------------------------------------------
Update Information:
Bump to upstream 6a436539be38c296a8075a871cc536686b458371 ---- Polish the spec
file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1249049 - Tracker for golang-github-golang-appengine
https://bugzilla.redhat.com/show_bug.cgi?id=1249049
--------------------------------------------------------------------------------
================================================================================
golang-github-grpc-grpc-go-1.0.0-0.2.git231b4cf.el7 (FEDORA-EPEL-2016-bbd519d036)
The Go language implementation of gRPC. HTTP/2 based RPC
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1250461 - Tracker for golang-github-grpc-grpc-go
https://bugzilla.redhat.com/show_bug.cgi?id=1250461
--------------------------------------------------------------------------------
================================================================================
golang-google-golangorg-cloud-0-0.10.git872c736.el7 (FEDORA-EPEL-2016-4ec06310f3)
Google Cloud Platform APIs related types and common functions
--------------------------------------------------------------------------------
Update Information:
Bump to upstream 872c736f496c2ba12786bedbb8325576bbdb33cf ---- Polish the spec
file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1246239 - Tracker for golang-google-golangorg-cloud
https://bugzilla.redhat.com/show_bug.cgi?id=1246239
--------------------------------------------------------------------------------
================================================================================
golang-googlecode-goauth2-0-0.18.git1364adb.el7 (FEDORA-EPEL-2016-82971d5f82)
OAuth 2.0 for Go clients
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1227273 - Tracker for golang-googlecode-goauth2
https://bugzilla.redhat.com/show_bug.cgi?id=1227273
--------------------------------------------------------------------------------
================================================================================
golang-googlecode-google-api-client-0-0.16.gite6294e6.el7 (FEDORA-EPEL-2016-098bd3de3f)
Go libraries for "new style" Google APIs
--------------------------------------------------------------------------------
Update Information:
Bump to upstream e6294e63a06b2be522ff3d328d8cacded0b1bd31 ---- Polish the spec
file ---- Polish spec file, enable devel and unit-test for epel7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1250521 - Tracker for golang-googlecode-google-api-client
https://bugzilla.redhat.com/show_bug.cgi?id=1250521
--------------------------------------------------------------------------------
================================================================================
hdf5-1.8.12-8.el7 (FEDORA-EPEL-2016-d21e337184)
A general purpose library and file format for storing scientific data
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-4330, CVE-2016-4331, CVE-2016-4332, CVE-2016-4333
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1397708 - CVE-2016-4333 hdf5: H5T_COMPOUND heap buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1397708
[ 2 ] Bug #1397707 - CVE-2016-4332 hdf5: Shareable message type out-of-bounds write
https://bugzilla.redhat.com/show_bug.cgi?id=1397707
[ 3 ] Bug #1397704 - CVE-2016-4331 hdf5: H5Z_NBIT heap buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1397704
[ 4 ] Bug #1397701 - CVE-2016-4330 hdf5: H5T_ARRAY heap buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1397701
--------------------------------------------------------------------------------
================================================================================
nordugrid-arc-5.2.1-1.el7 (FEDORA-EPEL-2016-3dacd28e24)
Advanced Resource Connector Grid Middleware
--------------------------------------------------------------------------------
Update Information:
ARC 5.2.1
--------------------------------------------------------------------------------
================================================================================
pcre2-10.21-11.el7 (FEDORA-EPEL-2016-90cc377734)
Perl-compatible regular expression library
--------------------------------------------------------------------------------
Update Information:
This release fixes crashes in substitution when starting offset was specified
beyond the subject end or when an extended substition for \p, \P, or \X was
performed. ---- This release fixes "pcre2-config --libs-posix" output, a
memory leak in pcre2test tool, a buffer overflow in the library when partial-
matching for CR-LF in an empty buffer and a crash in pcre2test tool when
diplaying wide characters.
--------------------------------------------------------------------------------
================================================================================
php-bartlett-PHP-CompatInfo-5.0.2-1.el7 (FEDORA-EPEL-2016-159880b8be)
Find out version and the extensions required for a piece of code to run
--------------------------------------------------------------------------------
Update Information:
Latest upstream versions. As upstream don't think a changelog is useful, you
can try to read the [commit
history](https://github.com/llaville/php-compat-
info/commits/master) or [file an
issue](https://github.com/llaville/php-compat-
info/issues/new) to request some information.
--------------------------------------------------------------------------------
================================================================================
php-bartlett-php-compatinfo-db-1.16.0-1.el7 (FEDORA-EPEL-2016-159880b8be)
Reference Database to be used with php-compatinfo library
--------------------------------------------------------------------------------
Update Information:
Latest upstream versions. As upstream don't think a changelog is useful, you
can try to read the [commit
history](https://github.com/llaville/php-compat-
info/commits/master) or [file an
issue](https://github.com/llaville/php-compat-
info/issues/new) to request some information.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Dav-1.1.4-1.el7 (FEDORA-EPEL-2016-2878ad3ded)
Horde library for WebDAV, CalDAV, CardDAV
--------------------------------------------------------------------------------
Update Information:
**Horde_Dav 1.1.4** * [jan] Fix throwing exceptions from Lock backend (Bug
#14520). * [jan] Mark PHP 7 as supported. * [jan] Update to SabreDAV 1.8.12
(Only redirect client to HTTP and HTTPS urls; Support empty user names and
passwords in basic authentication).
--------------------------------------------------------------------------------
================================================================================
rpkg-1.47-6.el7 (FEDORA-EPEL-2016-14415f0f51)
Utility for interacting with rpm+git packaging systems
--------------------------------------------------------------------------------
Update Information:
This build contains changes needed for flag day on December 12. - Once you use
this version to upload new sources, older versions of `fedpkg` will not be able
to work with the package. - pkgs and lookaside site URL are changed. The new
URL uses ``https``. You can see the new URls with ``-d`` and ``-v`` when
``clone`` and ``sources``. Changelog - rpkg,
https://pagure.io/rpkg/blob/master/f/CHANGELOG.rst - fedpkg,
https://pagure.io/fedpkg/blob/master/f/CHANGELOG.rst Additional issue fixed in
fedpkg-1.26-4, - [#87](https://pagure.io/fedpkg/issue/87) - fedpkg is
incompatible with bodhi 2.x
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #714726 - change --root option to --mock-config to fedpkg mockbuild
https://bugzilla.redhat.com/show_bug.cgi?id=714726
[ 2 ] Bug #841516 - fedpkg scratch-build error message should be improved to tell you
how to do a scratch build without pushing
https://bugzilla.redhat.com/show_bug.cgi?id=841516
[ 3 ] Bug #1325775 - Working on branch without remote tracking branch fails due to
unpushed changes
https://bugzilla.redhat.com/show_bug.cgi?id=1325775
[ 4 ] Bug #1203757 - The description of fedpkg verify-files in the man page and help
text is misleading
https://bugzilla.redhat.com/show_bug.cgi?id=1203757
[ 5 ] Bug #1169663 - Build stops with "Could not execute scratch_build: There are
unpushed changes in your repo" when there are no unpushed changes in the current
branch
https://bugzilla.redhat.com/show_bug.cgi?id=1169663
[ 6 ] Bug #1402882 - fedpkg local fails
https://bugzilla.redhat.com/show_bug.cgi?id=1402882
[ 7 ] Bug #1404724 - ���fedpkg update��� fails when the last git log message contains
non-ASCII.
https://bugzilla.redhat.com/show_bug.cgi?id=1404724
[ 8 ] Bug #1241059 - Could not execute new_sources: unsupported second type in tuple
https://bugzilla.redhat.com/show_bug.cgi?id=1241059
[ 9 ] Bug #1404102 - __init__.py:237 (login_koji_session): AttributeError:
'module' object has no attribute 'ssl'
https://bugzilla.redhat.com/show_bug.cgi?id=1404102
--------------------------------------------------------------------------------