The following Fedora EPEL 7 Security updates need testing:
Age URL
645
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
407
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
126
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-23fa04bf1c
redis-3.2.3-1.el7
109
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e8f4ff76b3
chicken-4.11.0-3.el7
52
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ee3cc4d1b6
compat-guile18-1.8.8-14.el7
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-0e9b9b02bb
phpMyAdmin-4.4.15.9-1.el7
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-89c47c50a3
mingw-gdk-pixbuf-2.30.8-2.el7 mingw-qt5-qtimageformats-5.6.0-2.el7
mingw-jasper-1.900.28-1.el7
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-bd288eeb9f
php-php-gettext-1.0.12-1.el7
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-7059e6dc35
roundcubemail-1.1.7-1.el7
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-fd41ef0987
php-simplesamlphp-saml2-2.3.3-1.el7 php-simplesamlphp-saml2_1-1.10.3-1.el7
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-967040283d
lxc-1.0.9-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-090cbd0a83
botan-1.10.14-3.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
asio-1.10.8-1.el7
botan-1.10.14-3.el7
fedora-packager-0.6.0.0-3.el7
fedpkg-minimal-1.1.0-7.el7
ioping-1.0-1.el7
koji-1.11.0-1.el7
ninja-build-1.7.2-2.el7
perl-Compress-Raw-Lzma-2.061-2.el7
psysh-0.8.0-1.el7
youtube-dl-2016.12.09-1.el7
Details about builds:
================================================================================
asio-1.10.8-1.el7 (FEDORA-EPEL-2016-24d5d82964)
A cross-platform C++ library for network programming
--------------------------------------------------------------------------------
Update Information:
update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1396638 - asio FTBFS
https://bugzilla.redhat.com/show_bug.cgi?id=1396638
--------------------------------------------------------------------------------
================================================================================
botan-1.10.14-3.el7 (FEDORA-EPEL-2016-090cbd0a83)
Crypto library written in C++
--------------------------------------------------------------------------------
Update Information:
### Botan 1.10.14 ### * NOTE WELL: Botan 1.10.x is supported for security
patches only until 2017-12-31 * Fix integer overflow during BER decoding, found
by Falko Strenzke. This bug is not thought to be directly exploitable but
upgrading ASAP is advised. (CVE-2016-9132) * Fix two cases where (in error
situations) an exception would be thrown from a destructor, causing a call to
std::terminate. * When RC4 is disabled in the build, also prevent it from being
included in the OpenSSL provider. (GH #638)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1400894 - CVE-2016-9132 botan: Integer overflow in BER decoder
https://bugzilla.redhat.com/show_bug.cgi?id=1400894
--------------------------------------------------------------------------------
================================================================================
fedora-packager-0.6.0.0-3.el7 (FEDORA-EPEL-2016-b92463563b)
Tools for setting up a fedora maintainer environment
--------------------------------------------------------------------------------
Update Information:
Updates needed for the fedora infra flag day 2016 Dependency on krb5-workstation
fixed. ---- Add --new-chroot option for runroot plugin, allowing mock inside
koji to use systemd-nspawn style chroot.
--------------------------------------------------------------------------------
================================================================================
fedpkg-minimal-1.1.0-7.el7 (FEDORA-EPEL-2016-5e10c95014)
Script to allow fedpkg fetch to work
--------------------------------------------------------------------------------
Update Information:
needed to fix building with flag day changes ---- updates needed for new
sources format ---- This update provides handling for the new sources format
created as part of the flag day changes.
--------------------------------------------------------------------------------
================================================================================
ioping-1.0-1.el7 (FEDORA-EPEL-2016-ddc912c649)
Simple disk I/O latency monitoring tool
--------------------------------------------------------------------------------
Update Information:
Update
--------------------------------------------------------------------------------
================================================================================
koji-1.11.0-1.el7 (FEDORA-EPEL-2016-b92463563b)
Build system tools
--------------------------------------------------------------------------------
Update Information:
Updates needed for the fedora infra flag day 2016 Dependency on krb5-workstation
fixed. ---- Add --new-chroot option for runroot plugin, allowing mock inside
koji to use systemd-nspawn style chroot.
--------------------------------------------------------------------------------
================================================================================
ninja-build-1.7.2-2.el7 (FEDORA-EPEL-2016-b8e2abd1bc)
A small build system with a focus on speed
--------------------------------------------------------------------------------
Update Information:
Update to 1.7.2
--------------------------------------------------------------------------------
================================================================================
perl-Compress-Raw-Lzma-2.061-2.el7 (FEDORA-EPEL-2016-631b5111aa)
Low-level interface to lzma compression library
--------------------------------------------------------------------------------
Update Information:
This updated version of the package is built against the new xz 5.2.2 in EL 7.3.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1403868 - Error: Package: perl-Compress-Raw-Lzma-2.061-1.el7.x86_64 (@epel)
Requires: xz-libs(x86-64) = 5.1.2
https://bugzilla.redhat.com/show_bug.cgi?id=1403868
--------------------------------------------------------------------------------
================================================================================
psysh-0.8.0-1.el7 (FEDORA-EPEL-2016-03e624d8e6)
A runtime developer console, interactive debugger and REPL for PHP
--------------------------------------------------------------------------------
Update Information:
## v0.8.0 #### New * Add a Hoa\Console-based pure PHP readline fallback, for
PHP installs compiled without readline or libedit (Thanks @zonuexe) *
Automatically check for updates (Thanks @eeree!) * Add an updateCheck frequency
configuration. It defaults to weekly, but you can set it to always, daily,
weekly, monthly or never. * Update to PHP Parser v3.0, with better PHP 7.1
support (Thanks @GrahamCampbell!) * Add support for language constructs (isset,
unset, empty, etc) in the doc command. * Build a psysh-compat as well as psysh
Phar. The second Phar contains polyfills for intl and readline. It's quite a bit
bigger, but also quite a bit more useful for PHP installs without all the bells
and whistles. #### Improved * Fix "uninitialized string offset" in
autocomplete matchers. * Prevent PHP's built-in webserver from hanging after
debugging (Thanks @5tevan!) * Allow recursive static calls when defining
classes. * Shrink compiled Phar size by ~10%. * Fix VarDumper truncating null
bytes in output. * Add support for multiline comment input. * Catch invalid pass
by reference arguments. * Better handling for Error in newer PHPs. * Better
formatting for error output. * Build Phar with detect_unicode=Off if compiled
under PHP 5.3, because PHP 5.3. * Various fixes for HHVM tests. #### And a
couple of things I'm prolly more excited about than you: * Test the lowest
versions of all dependencies in CI. They're all currently failing, but it's a
start :) * Speed up CI builds by disabling xdebug. * Build GitHub releases on CI
for great justice.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1403040 - psysh-0.8.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1403040
--------------------------------------------------------------------------------
================================================================================
youtube-dl-2016.12.09-1.el7 (FEDORA-EPEL-2016-522dd00d66)
A small command-line program to download online videos
--------------------------------------------------------------------------------
Update Information:
Update to the latest upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1400607 - youtube-dl-2016.12.09 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1400607
--------------------------------------------------------------------------------