The following Fedora EPEL 7 Security updates need testing:
Age URL
165
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3835d39d1a
unrtf-0.21.9-8.el7
116
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f9d6ff695a
bibutils-6.6-1.el7 ghc-hs-bibutils-6.6.0.0-1.el7 pandoc-citeproc-0.3.0.1-4.el7
99
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d
condor-8.6.11-1.el7
71
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3492a96896
myrepos-1.20180726-1.el7
21
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-bdb21ebc3f
drupal7-7.60-2.el7
14
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-32e0cee0bb
perl-Mojolicious-7.94-1.el7
13
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-9051b49e75
suricata-4.0.6-1.el7
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-fc29932f12
pdns-4.0.6-2.el7
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f9270bbaec
pdns-recursor-4.1.7-1.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-a09ace87bb
php-PHPMailer-5.2.27-1.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-0e73364530
python-paramiko-2.1.1-0.9.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-c25e48ded1
bird-1.6.4-2.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-2206653eb9
python-django-1.11.13-4.el7 python-django16-1.6.11.7-5.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
ignition-0.28.0-11.gitf707912.el7
moodle-3.1.15-1.el7
pidgin-groupchat-typing-notifications-3-1.el7
prosody-0.11.0-1.el7
purple-discord-0-21.20181108gita5dd44f.el7
purple-hangouts-0-61.20181118hg833609a.el7
resultsdb-2.1.2-1.el7
vrms-rpm-2.0-1.el7
wsjtx-1.9.1-2.el7
Details about builds:
================================================================================
ignition-0.28.0-11.gitf707912.el7 (FEDORA-EPEL-2018-d7d22c4141)
First boot installer and configuration tool
--------------------------------------------------------------------------------
Update Information:
newest iteration of igntion-dracut modules upstream
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 20 2018 Jonathan Lebon <jonathan(a)jlebon.com> - 0.28.0-11.git7b83454
- Bump to ignition-dracut 7b83454
* Thu Oct 25 2018 Dusty Mabe <dusty(a)dustymabe.com> - 0.28.0-10.gitf707912
- Bump to ignition-dracut decf63f
- * 03d8438 30ignition: only instmods if module available
* Thu Oct 25 2018 Dusty Mabe <dusty(a)dustymabe.com> - 0.28.0-9.gitf707912
- Bump to ignition-dracut 7ee64ca
- * 3ec0b39 remove ignition-remount-sysroot.service files
* 66335f2 ignition: run files stage at original CL ordering
* 0301a03 ignition-disks.service: drop Requires=network.target
* a0bc135 ignition-ask-var-mount.service: use RemainAfterExit=yes
* ecf5779 module-setup.sh: explicitly install qemu_fw_cfg
* Mon Oct 15 2018 Dusty Mabe <dusty(a)dustymabe.com> - 0.28.0-8.gitf707912
- Bump to ignition-dracut 4bdfb34
- * 6d0763a module-setup: Make mkfs.btrfs optional
* Wed Oct 10 2018 Jonathan Lebon <jonathan(a)jlebon.com> - 0.28.0-7.gitf707912
- Backport patch for handling sysctl files correctly
https://github.com/coreos/coreos-assembler/pull/128
https://github.com/openshift/machine-config-operator/pull/123
--------------------------------------------------------------------------------
================================================================================
moodle-3.1.15-1.el7 (FEDORA-EPEL-2018-3f65916e08)
A Course Management System
--------------------------------------------------------------------------------
Update Information:
CVE-2018-16854
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 21 2018 Gwyn Ciesla <limburgher(a)gmail.com> - 3.1.15-1
- 3.1.15
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1652022 - CVE-2018-16854 moodle: Login CSRF vulnerability in login form
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1652022
[ 2 ] Bug #1652021 - CVE-2018-16854 moodle: Login CSRF vulnerability in login form
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1652021
--------------------------------------------------------------------------------
================================================================================
pidgin-groupchat-typing-notifications-3-1.el7 (FEDORA-EPEL-2018-b1e948d2d4)
Adds typing notifications for group chats in Pidgin
--------------------------------------------------------------------------------
Update Information:
Updated to latest upstream version.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 21 2018 Vitaly Zaitsev <vitaly(a)easycoding.org> - 3-1
- Updated to version 3.
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb 9 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Tue Jan 23 2018 Vitaly Zaitsev <vitaly(a)easycoding.org> - 2-5
- Fixed build under Fedora Rawhide.
* Thu Aug 3 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 2-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 2-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 2-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
prosody-0.11.0-1.el7 (FEDORA-EPEL-2018-17d8e01040)
Flexible communications server for Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:
Prosody 0.11.0 ============== See upstream's blog post at
https://blog.prosody.im/prosody-0-11-0-released/ for a full overview of the
release features. This release includes significant improvements to MUC and
Pubsub, adds support for vCard4, mobile battery optimisations and Lua 5.2.
Upgrade notes ------------- There are some changes that users running previous
versions of Prosody should be aware of: Modules added ------------- *
`mod_csi_simple` This is a renamed version of the `mod_csi_pump` community
module. If you are using `mod_csi_pump` or do not yet have a CSI module set up,
we encourage you to use this one. * `mod_muc_mam` This replaces the
community module `mod_mam_muc` (note the name change!). It provides support
for archiving and querying chatroom messages using XEP-0313. It should be added
to `modules_enabled` under your MUC component: ``` Component
"rooms.example.com" "muc" modules_enabled = {
"muc_mam"; } ```
* `mod_vcard4`, `mod_vcard_legacy` Prosody now offers support for vCard4 in
`mod_vcard4`. Since most clients today do not yet support this format, if you
use this module you should also enable `mod_vcard_legacy`. These modules
are separate to the old `mod_vcard`, which still exists and works for services
that want to continue just supporting the older vcard-temp protocol. Modules
removed --------------- The following modules were deprecated in previous
releases and have been removed in 0.11: * `mod_storage_sql1` *
`mod_compression` * `mod_privacy` MySQL schema upgrade --------------------
Some limitations were found with the current MySQL schema that prevented it from
working properly with our new pubsub and PEP features. Prosody will refuse to
connect to the database until this is fixed, but this can be done easily with
the following command: ``` prosodyctl mod_storage_sql upgrade ``` Lua 5.2
------- The recommended Lua version for 0.11 is Lua 5.2, while Lua 5.1 is still
supported for the platforms that need it. However the 0.11.x series is the last
series that will still support Lua 5.1 (and by extension, LuaJIT).
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 19 2018 Robert Scheck <robert(a)fedoraproject.org> 0.11.0-1
- Upgrade to 0.11.0
--------------------------------------------------------------------------------
================================================================================
purple-discord-0-21.20181108gita5dd44f.el7 (FEDORA-EPEL-2018-dc4a23a896)
Discord plugin for libpurple
--------------------------------------------------------------------------------
Update Information:
Updated to latest upstream version.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 21 2018 Vitaly Zaitsev <vitaly(a)easycoding.org> - 0-21.20181108gita5dd44f
- Updated to latest snapshot.
--------------------------------------------------------------------------------
================================================================================
purple-hangouts-0-61.20181118hg833609a.el7 (FEDORA-EPEL-2018-72ca37fac4)
Hangouts plugin for libpurple
--------------------------------------------------------------------------------
Update Information:
Updated to latest upstream version.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 21 2018 Vitaly Zaitsev <vitaly(a)easycoding.org> - 1:0-61.20181118hg833609a
- Updated to latest snapshot.
--------------------------------------------------------------------------------
================================================================================
resultsdb-2.1.2-1.el7 (FEDORA-EPEL-2018-0c88193688)
Results store for automated tasks
--------------------------------------------------------------------------------
Update Information:
- Support Python 3, use it on Fedora - Fix ImmutableMultiDict handling for
python 3.7 - Use tuples instead of list in RESULT_OUTCOME - Define resource
limits for the database container - Makefile: Use generic Makefile provided by
qa-make - Add config for task-dockerbuild
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 20 2018 Frantisek Zatloukal <fzatlouk(a)redhat.com> - 2.1.2-1
- Support Python 3, use it on Fedora
- Fix ImmutableMultiDict handling for python 3.7
- Use tuples instead of list in RESULT_OUTCOME
- Define resource limits for the database container
- Makefile: Use generic Makefile provided by qa-make
- Add config for task-dockerbuild
--------------------------------------------------------------------------------
================================================================================
vrms-rpm-2.0-1.el7 (FEDORA-EPEL-2018-eb17cc7c8c)
Report non-free software
--------------------------------------------------------------------------------
Update Information:
Update to upstream release 2.0
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 20 2018 Artur Iwicki <fedora(a)svgames.pl> - 2.0-1
- Update to newest upstream release
- No longer a noarch package
--------------------------------------------------------------------------------
================================================================================
wsjtx-1.9.1-2.el7 (FEDORA-EPEL-2018-110a2a6c33)
Weak Signal communication by K1JT
--------------------------------------------------------------------------------
Update Information:
Initial release for EPEL 7.
--------------------------------------------------------------------------------