The following Fedora EPEL 7 Security updates need testing: Age URL 676 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 438 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 157 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-23fa04bf1c redis-3.2.3-1.el7 140 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e8f4ff76b3 chicken-4.11.0-3.el7 20 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7 17 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-0fa3a954b0 borgbackup-1.0.9-1.el7 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-bb32162e83 php-swiftmailer-5.4.5-1.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-92129d651d exim-4.88-2.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-770d2afc7d mingw-flac-1.3.2-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-fbb2447c6e php-PHPMailer-5.2.22-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-80cfb13391 moodle-3.2.1-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-3d29bf8e34 php-ZendFramework2-2.4.11-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f1acebb58b wordpress-4.7.1-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
RBTools-0.7.8-1.el7.1 drupal7-honeypot-1.22-1.el7 flr-0.0.1-1.el7 golang-github-go-ini-ini-1.21.1-0.1.git6e4869b.el7 golang-github-hashicorp-errwrap-0-0.5.git7554cd9.el7 golang-github-hashicorp-go-multierror-0-0.9.gitd30f099.el7 golang-github-jtolds-gls-0-0.7.git9a4a02d.el7 golang-github-smartystreets-assertions-1.6.0-0.3.git287b434.el7 golang-github-smartystreets-goconvey-1.6.1-0.3.gitbf58a9a.el7 hitch-1.4.4-2.el7 mongodb-2.6.12-4.el7 pcre2-10.21-12.el7 perl-Net-UPnP-1.4.3-5.el7 perl-PHP-Serialization-0.34-16.el7 php-pdepend-PHP-Depend-2.4.1-1.el7 plplot-5.10.0-10.el7 prosody-0.9.12-1.el7 python-argcomplete-1.7.0-1.el7 python-cvss-1.7-1.el7 python-plumbum-1.6.0-5.el7 qpdfview-0.4.16-3.el7 webalizer-2.23_08-6.el7 wordpress-4.7.1-1.el7 youtube-dl-2017.01.10-1.el7
Details about builds:
================================================================================ RBTools-0.7.8-1.el7.1 (FEDORA-EPEL-2017-543894053e) Tools for use with ReviewBoard -------------------------------------------------------------------------------- Update Information:
https://www.reviewboard.org/docs/releasenotes/rbtools/0.7.8/ -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1409935 - [abrt] RBTools: __init__.py:829:resolve:DistributionNotFound: The 'tqdm' distribution was not found and is required by RBTools https://bugzilla.redhat.com/show_bug.cgi?id=1409935 --------------------------------------------------------------------------------
================================================================================ drupal7-honeypot-1.22-1.el7 (FEDORA-EPEL-2017-5ff4608619) Mitigates spam form submissions using the honeypot method -------------------------------------------------------------------------------- Update Information:
Honeypot uses both the honeypot and timestamp methods of deterring spam bots from completing forms on your Drupal site (read more here). These methods are effective against many spam bots, and are not as intrusive as CAPTCHAs or other methods which punish the user [YouTube]. The module currently supports enabling for all forms on the site, or particular forms like user registration or password reset forms, webforms, contact forms, node forms, and comment forms. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1100973 - Review Request: drupal7-honeypot - Honeypot uses both the honeypot and timestamp methods of deterring spam bots https://bugzilla.redhat.com/show_bug.cgi?id=1100973 --------------------------------------------------------------------------------
================================================================================ flr-0.0.1-1.el7 (FEDORA-EPEL-2017-60de8b663b) Fedora Releng python libraries and command line tools -------------------------------------------------------------------------------- Update Information:
First release of flr for Fedora. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1411502 - Review Request: flr - Fedora RelEng python libraries and command line tools https://bugzilla.redhat.com/show_bug.cgi?id=1411502 --------------------------------------------------------------------------------
================================================================================ golang-github-go-ini-ini-1.21.1-0.1.git6e4869b.el7 (FEDORA-EPEL-2017-7dace4bddf) Package ini provides INI file read and write functionality in Go -------------------------------------------------------------------------------- Update Information:
Bump to upstream 6e4869b434bd001f6983749881c7ead3545887d8 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1412590 - Tracker for golang-github-go-ini-ini https://bugzilla.redhat.com/show_bug.cgi?id=1412590 --------------------------------------------------------------------------------
================================================================================ golang-github-hashicorp-errwrap-0-0.5.git7554cd9.el7 (FEDORA-EPEL-2017-8af304255b) Errwrap is a Go (golang) library for wrapping and querying errors -------------------------------------------------------------------------------- Update Information:
Polish the spec file -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1412620 - Tracker for golang-github-hashicorp-errwrap https://bugzilla.redhat.com/show_bug.cgi?id=1412620 --------------------------------------------------------------------------------
================================================================================ golang-github-hashicorp-go-multierror-0-0.9.gitd30f099.el7 (FEDORA-EPEL-2017-d1479a5265) Package for representing a list of errors as a single error -------------------------------------------------------------------------------- Update Information:
Polish the spec file -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1250466 - Tracker for golang-github-hashicorp-go-multierror https://bugzilla.redhat.com/show_bug.cgi?id=1250466 --------------------------------------------------------------------------------
================================================================================ golang-github-jtolds-gls-0-0.7.git9a4a02d.el7 (FEDORA-EPEL-2017-f885c95e0c) Goroutine local storage -------------------------------------------------------------------------------- Update Information:
Polish the spec file -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1250490 - Tracker for golang-github-jtolds-gls https://bugzilla.redhat.com/show_bug.cgi?id=1250490 --------------------------------------------------------------------------------
================================================================================ golang-github-smartystreets-assertions-1.6.0-0.3.git287b434.el7 (FEDORA-EPEL-2017-02038a0609) Fluent assertion-style functions -------------------------------------------------------------------------------- Update Information:
Polish the spec file -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1250509 - Tracker for golang-github-smartystreets-assertions https://bugzilla.redhat.com/show_bug.cgi?id=1250509 --------------------------------------------------------------------------------
================================================================================ golang-github-smartystreets-goconvey-1.6.1-0.3.gitbf58a9a.el7 (FEDORA-EPEL-2017-789eeeb6ad) Behavioral testing in the browser, integrates with go test -------------------------------------------------------------------------------- Update Information:
Polish the spec file -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1250511 - Tracker for golang-github-smartystreets-goconvey https://bugzilla.redhat.com/show_bug.cgi?id=1250511 --------------------------------------------------------------------------------
================================================================================ hitch-1.4.4-2.el7 (FEDORA-EPEL-2017-9ca0efb2d7) Network proxy that terminates TLS/SSL connections -------------------------------------------------------------------------------- Update Information:
New upstream release. A bugfix and comptibility release. From the upstream changelog: * OpenSSL 1.1.0 compatibility fixes. OpenSSL 1.1.0 is now fully supported with Hitch. * Fix a bug in the OCSP refresh code that could make it loop with immediate refreshes flooding an OCSP responder. * Force the SSL_OP_SINGLE_DH_USE setting. This protects against an OpenSSL vulnerability where a remote attacker could discover private DH exponents (CVE-2016-0701). -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1405948 - OSCP stapling not working by default https://bugzilla.redhat.com/show_bug.cgi?id=1405948 --------------------------------------------------------------------------------
================================================================================ mongodb-2.6.12-4.el7 (FEDORA-EPEL-2017-5805758e8b) High-performance, schema-free document-oriented database -------------------------------------------------------------------------------- Update Information:
Fix logrotate configuration file - to avoid creating 0-length files. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1410238 - logrotate creates unwanted 0-length files https://bugzilla.redhat.com/show_bug.cgi?id=1410238 --------------------------------------------------------------------------------
================================================================================ pcre2-10.21-12.el7 (FEDORA-EPEL-2017-389e9670e5) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information:
This release fixes compiling a class with Unicode properties and without UTF mode. It also fixes an ouf-of-bound read in pcre2test tool within POSIX mode. --------------------------------------------------------------------------------
================================================================================ perl-Net-UPnP-1.4.3-5.el7 (FEDORA-EPEL-2017-1cff194ad3) Perl extension for UPnP -------------------------------------------------------------------------------- Update Information:
Initial EPEL 7 build. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1123233 - Please Branch perl-Net-UPnP for EPEL7 https://bugzilla.redhat.com/show_bug.cgi?id=1123233 --------------------------------------------------------------------------------
================================================================================ perl-PHP-Serialization-0.34-16.el7 (FEDORA-EPEL-2017-659b0463f7) Converts between PHP's serialize() output and the equivalent Perl structure -------------------------------------------------------------------------------- Update Information:
Perl 5.24 rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1412422 - Plans for EPEL 6 & 7 https://bugzilla.redhat.com/show_bug.cgi?id=1412422 --------------------------------------------------------------------------------
================================================================================ php-pdepend-PHP-Depend-2.4.1-1.el7 (FEDORA-EPEL-2017-fef0adb8c8) PHP_Depend design quality metrics for PHP package -------------------------------------------------------------------------------- Update Information:
**pdepend-2.4.1** (2017/01/11) This release closes a bug within PDepend's parser when keywords are used as method or constant names in PHP 7.0 - Fixes an issue with methods or constants with keyword identifiers called/accessed in PHP 7. ---- **pdepend-2.4.0** (2017/01/10) This release implements language features like Anonymous Classes, Group use Declarations, Uniform Variable Syntax or Loosening Reserved Word Restrictions that were introduced with PHP 7.0, so that PDepend 2.4 is now PHP 7.0 compatible. - Fixed #281: PHP 7 - Anonymous Class - Internal parser state issues - Fixed #285: Parse the magic constant __TRAIT__ - Fixed #210: Partial Class Namespace is Calculated Twice: in Global and it's Own Namespace - Implemented #280: Refactor SymbolTable - Implemented #282: PHP 7 - Group use declarations - Implemented #269: Unexpected token: :: (implicit object / method usage) - Implemented #204: Support for the ... operator in function calls - Implemented #290: Unexpected token: ARRAY (reserved keyword as a class constant) --------------------------------------------------------------------------------
================================================================================ plplot-5.10.0-10.el7 (FEDORA-EPEL-2017-a81965d35f) Library of functions for making scientific plots -------------------------------------------------------------------------------- Update Information:
Re-enable octave --------------------------------------------------------------------------------
================================================================================ prosody-0.9.12-1.el7 (FEDORA-EPEL-2017-2553435184) Flexible communications server for Jabber/XMPP -------------------------------------------------------------------------------- Update Information:
Prosody 0.9.12 ============== A summary of changes in this release: * Dependencies: Fix certificate verification failures when using LuaSec 0.6 (fixes #781) * mod_s2s: Lower log message to 'warn' level, standard for remotely- triggered protocol issues * certs/Makefile: Remove -c flag from chmod call (a GNU extension) * Networking: Prevent writes after a handler is closed (fixes #783) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1412102 - prosody-0.9.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=1412102 --------------------------------------------------------------------------------
================================================================================ python-argcomplete-1.7.0-1.el7 (FEDORA-EPEL-2017-fa94f36800) Bash tab completion for argparse -------------------------------------------------------------------------------- Update Information:
From 0.8.8 -> 1.7.0 https://github.com/kislyuk/argcomplete/blob/master/Changes.rst --------------------------------------------------------------------------------
================================================================================ python-cvss-1.7-1.el7 (FEDORA-EPEL-2017-8bbbb95318) CVSS2/3 library with interactive calculator -------------------------------------------------------------------------------- Update Information:
- New release v1.7 - Fixes regression introduced in v1.5. Interactive calculator failed for CVSS3 as it did not provide mandatory prefix. ---- - New release v1.6. - Fix to ensure cvss2 score is never negative. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1402174 - python-cvss-v1.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1402174 [ 2 ] Bug #1412158 - python-cvss-v1.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1412158 --------------------------------------------------------------------------------
================================================================================ python-plumbum-1.6.0-5.el7 (FEDORA-EPEL-2017-2b9e829660) Shell combinators library -------------------------------------------------------------------------------- Update Information:
Disabled Python 3 build for EPEL --------------------------------------------------------------------------------
================================================================================ qpdfview-0.4.16-3.el7 (FEDORA-EPEL-2017-e0e1580755) Tabbed PDF Viewer -------------------------------------------------------------------------------- Update Information:
First EPEL7 build --------------------------------------------------------------------------------
================================================================================ webalizer-2.23_08-6.el7 (FEDORA-EPEL-2017-4e19a89878) A flexible Web server log file analysis program -------------------------------------------------------------------------------- Update Information:
Add patch to fix some undefined behaviour by switching to memmove() (#1409349) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1409349 - webalizer damages webalizer.hist https://bugzilla.redhat.com/show_bug.cgi?id=1409349 --------------------------------------------------------------------------------
================================================================================ wordpress-4.7.1-1.el7 (FEDORA-EPEL-2017-f1acebb58b) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information:
**WordPress 4.7.1** Security and Maintenance Release This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7 and earlier are affected by eight security issues: * Remote code execution (RCE) in PHPMailer ��� No specific issue appears to affect WordPress or any of the major plugins we investigated but, out of an abundance of caution, we updated PHPMailer in this release. This issue was reported to PHPMailer by Dawid Golunski and Paul Buonopane. * The REST API exposed user data for all users who had authored a post of a public post type. WordPress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API. Reported by Krogsgard and Chris Jean. * Cross-site scripting (XSS) via the plugin name or version header on update- core.php. Reported by Dominik Schilling of the WordPress Security Team. * Cross-site request forgery (CSRF) bypass via uploading a Flash file. Reported by Abdullah Hussam. * Cross-site scripting (XSS) via theme name fallback. Reported by Mehmet Ince. * Post via email checks mail.example.com if default settings aren���t changed. Reported by John Blackbourn of the WordPress Security Team. * A cross-site request forgery (CSRF) was discovered in the accessibility mode of widget editing. Reported by Ronnie Skansing. * Weak cryptographic security for multisite activation key. Reported by Jack. Thank you to the reporters for practicing responsible disclosure. In addition to the security issues above, WordPress 4.7.1 fixes 62 bugs from 4.7. For more information, see the [release notes](https://codex.wordpress.org/Version_4.7.1) or consult the [list of changes](https://core.trac.wordpress.org/query?milestone=4.7.1). --------------------------------------------------------------------------------
================================================================================ youtube-dl-2017.01.10-1.el7 (FEDORA-EPEL-2017-bd8b161195) A small command-line program to download online videos -------------------------------------------------------------------------------- Update Information:
Update to new release to fix youtube support ---- New upstream release. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1412668 - youtube-dl: ERROR: Signature extraction failed https://bugzilla.redhat.com/show_bug.cgi?id=1412668 [ 2 ] Bug #1409343 - youtube-dl-2017.01.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1409343 [ 3 ] Bug #1403632 - youtube-dl-2016.12.22 is available https://bugzilla.redhat.com/show_bug.cgi?id=1403632 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org