The following Fedora EPEL 7 Security updates need testing:
Age URL
127
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3835d39d1a
unrtf-0.21.9-8.el7
77
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f9d6ff695a
bibutils-6.6-1.el7 ghc-hs-bibutils-6.6.0.0-1.el7 pandoc-citeproc-0.3.0.1-4.el7
61
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d
condor-8.6.11-1.el7
52
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3a3c72c5e5
chromium-68.0.3440.106-3.el7
33
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3492a96896
myrepos-1.20180726-1.el7
24
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-bc87c43cdd
libbson-1.3.5-6.el7
17
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-c906338b6b
libmad-0.15.1b-26.el7
17
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f13feb5e4b
sensible-utils-0.0.12-2.el7
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-aa0030f9a1
php-horde-nag-4.2.19-1.el7
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-e8e2e2acac
strongswan-5.7.1-1.el7
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b6e8b488d2
clamav-0.100.2-2.el7
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-a9ac6a18d2
libgit2-0.26.7-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
libuv-1.23.2-1.el7
mosquitto-1.5.3-1.el7
purple-facebook-0.9.5-11.9ff9acf9fa14.el7
s3fs-fuse-1.84-3.el7
Details about builds:
================================================================================
libuv-1.23.2-1.el7 (FEDORA-EPEL-2018-d797366c77)
Platform layer for node.js
--------------------------------------------------------------------------------
Update Information:
Update to the latest libuv 1.23.2
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 11 2018 Stephen Gallagher <sgallagh(a)redhat.com> - 1.23.2-1
- Update to 1.23.2
-
https://github.com/libuv/libuv/blob/v1.23.2/ChangeLog
* Tue Sep 11 2018 Stephen Gallagher <sgallagh(a)redhat.com> - 1.23.0-1
- Update to 1.23.0
-
https://github.com/libuv/libuv/blob/v1.23.0/ChangeLog
--------------------------------------------------------------------------------
================================================================================
mosquitto-1.5.3-1.el7 (FEDORA-EPEL-2018-aa66b877bb)
An Open Source MQTT v3.1/v3.1.1 Broker
--------------------------------------------------------------------------------
Update Information:
Release 1.5.3 Security: * Fix CVE-2018-12543. If a message is sent to
Mosquitto with a topic that begins with $, but is not $SYS, then an assert that
should be unreachable is triggered and Mosquitto will exit. Broker: * Elevate
log level to warning for situation when socket limit is hit. * Remove
requirement to use `user root` in snap package config files. * Fix retained
messages not sent by bridges on outgoing topics at the first connection. *
Documentation fixes. * Fix duplicate clients being added to by_id hash before
the old client was removed. * Fix Windows version not starting if include_dir
did not contain any files. Build: * Various fixes to ease building. Further
details here:
http://mosquitto.org/ChangeLog.txt
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 14 2018 Peter Robinson <pbrobinson(a)fedoraproject.org> 1.5.3-1
- 1.5.3 release
* Thu Sep 20 2018 Fabian Affolter <mail(a)fabian-affolter.ch> - 1.5.2-2
- Use WITH_BUNDLED_DEPS=no
* Thu Sep 20 2018 Fabian Affolter <mail(a)fabian-affolter.ch> - 1.5.2-1
- Update to new upstream version 1.5.2
* Mon Aug 20 2018 Peter Robinson <pbrobinson(a)fedoraproject.org> 1.5.1-1
- 1.5.1 release
* Fri Jul 20 2018 John W. Linville <linville(a)redhat.com> - 1.5-5
- Add previously unnecessary BuildRequires for gcc-c++
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Sat May 26 2018 Rich Mattes <richmattes(a)gmail.com> - 1.5-3
- Add network-online.target and documentation to unitfile
* Sat May 26 2018 Rich Mattes <richmattes(a)gmail.com> - 1.5-2
- Use upstream systemd service and enable systemd notification support
(rhbz#1410654)
* Sun May 20 2018 Fabian Affolter <mail(a)fabian-affolter.ch> - 1.5-2
- Update to new upstream version 1.5 (rhbz#1580115)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1588904 - CVE-2017-7654 mosquitto: Memory leak allows unauthenticated clients
to send crafted CONNECT packets causing a denial of service [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1588904
[ 2 ] Bug #1588901 - CVE-2017-7653 mosquitto: Improper handling of UTF-8 strings allows
malicious clients to cause other clients to disconnect [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1588901
--------------------------------------------------------------------------------
================================================================================
purple-facebook-0.9.5-11.9ff9acf9fa14.el7 (FEDORA-EPEL-2018-01af2ad74b)
Facebook protocol plugin for purple2
--------------------------------------------------------------------------------
Update Information:
- Backported upstream patch for Facebook Work Chat. - Backported pull-request
adding an option to show inactive friends as away. - Backported pull-request
fixing compiler warnings. - Add disclaimer to %description. - Optimize
sortability of patches. - Refactor patches for smooth alignment.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 13 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 0.9.5-11.9ff9acf9fa14
- Backported upstream patch for Facebook Work Chat
* Sat Oct 13 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 0.9.5-10.9ff9acf9fa14
- Optimize sortability of patches
- Refactor patches for smooth alignment
- Remove empty line from spec file
* Fri Oct 5 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 0.9.5-9.9ff9acf9fa14
- Update Patch101 to match upstream PR
* Thu Oct 4 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 0.9.5-8.9ff9acf9fa14
- Backported pull-request fixing compiler warnings
* Thu Oct 4 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 0.9.5-7.9ff9acf9fa14
- Add disclaimer to %description
* Thu Oct 4 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 0.9.5-6.9ff9acf9fa14
- Backported pull-request adding an option to show inactive friends as away
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> -
0.9.5-5.9ff9acf9fa14
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
s3fs-fuse-1.84-3.el7 (FEDORA-EPEL-2018-9a65bf65cb)
FUSE-based file system backed by Amazon S3
--------------------------------------------------------------------------------
Update Information:
Require fuse package on runtime to allow mounting with systemd, mount command or
/etc/fstab (#1637669)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 14 2018 Julio Gonzalez Gil <git(a)juliogonzalez.es> - 1.84-3
- Require fuse package on runtime to allow mounting with systemd,
mount command or /etc/fstab (#1637669)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1637669 - s3fs unable to mount volumes via mount or systemd unless fuse
package is installed
https://bugzilla.redhat.com/show_bug.cgi?id=1637669
--------------------------------------------------------------------------------