The following Fedora EPEL 7 Security updates need testing:
Age URL
203
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f9d6ff695a
bibutils-6.6-1.el7 ghc-hs-bibutils-6.6.0.0-1.el7 pandoc-citeproc-0.3.0.1-4.el7
186
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d
condor-8.6.11-1.el7
60
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b6fa6cebc3
game-music-emu-0.6.2-1.el7
57
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b43fdd19c3
vcftools-0.1.16-1.el7
30
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-17b3c81533
cacti-1.2.0-1.el7 cacti-spine-1.2.0-2.el7
16
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bd6a1ae962
pdns-recursor-4.1.9-1.el7
12
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-26a7022f9a
golang-1.11.5-1.el7
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-5f60a8861f
kf5-kauth-5.52.0-2.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
ignition-0.30.0-4.git308d7a0.el7
mosquitto-1.5.7-1.el7
python-dns-lexicon-3.1.5-1.el7
python-pycryptodomex-3.7.3-1.el7
Details about builds:
================================================================================
ignition-0.30.0-4.git308d7a0.el7 (FEDORA-EPEL-2019-d3013595f2)
First boot installer and configuration tool
--------------------------------------------------------------------------------
Update Information:
``` Bump to ignition-dracut 2c69925 - support platform configs and user configs
in /boot ^
https://github.com/coreos/ignition-dracut/pull/43 - Add ability
to parse config.ign file on boot ^
https://github.com/coreos/ignition-
dracut/pull/42 ```
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 15 2019 Dusty Mabe <dusty(a)dustymabe.com> - 0.30.0-4.git308d7a0
- Bump to ignition-dracut 2c69925
- * support platform configs and user configs in /boot
^
https://github.com/coreos/ignition-dracut/pull/43
* Add ability to parse config.ign file on boot
^
https://github.com/coreos/ignition-dracut/pull/42
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> -
0.30.0-3.git308d7a0
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
mosquitto-1.5.7-1.el7 (FEDORA-EPEL-2019-b089414a9d)
An Open Source MQTT v3.1/v3.1.1 Broker
--------------------------------------------------------------------------------
Update Information:
Update to new upstream version 1.5.7 ---- Fixes for the following CVES: *
CVE-2018-12546 * CVE-2018-12550 * CVE-2018-12551 The list of other fixes
addressed in version 1.5.6 is: Broker: * Fixed comment handling for config
options that have optional arguments. * Improved documentation around bridge
topic remapping. * Handle mismatched handshakes (e.g. QoS1 PUBLISH with QoS2
reply) properly. * Fix spaces not being allowed in the bridge remote_username
option. Closes #1131. * Allow broker to always restart on Windows when using
log_dest file. Closes #1080. * Fix Will not being sent for Websockets clients.
Closes #1143. * Windows: Fix possible crash when client disconnects. Closes
#1137. * Fixed durable clients being unable to receive messages when offline,
when per_listener_settings was set to true. Closes #1081. * Add log message for
the case where a client is disconnected for sending a topic with invalid UTF-8.
Closes #1144. Library: * Fix TLS connections not working over SOCKS. * Don't
clear SSL context when TLS connection is closed, meaning if a user provided an
external SSL_CTX they have less chance of leaking references.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 16 2019 Fabian Affolter <mail(a)fabian-affolter.ch> - 1.5.7-1
- Update to new upstream version 1.5.7
* Sat Feb 9 2019 Peter Robinson <pbrobinson(a)fedoraproject.org> 1.5.6-1
- 1.5.6 release
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5.5-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
python-dns-lexicon-3.1.5-1.el7 (FEDORA-EPEL-2019-d13dc66eb0)
Manipulate DNS records on various DNS providers in a standardized/agnostic way
--------------------------------------------------------------------------------
Update Information:
- Update to 3.1.5 - Add meta-subpackkages for specific providers
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 15 2019 Eli Young <elyscape(a)gmail.com> - 3.1.5-1
- Update to 3.1.5 (#1671162)
- Add meta-subpackages for specific providers
* Sat Feb 2 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.6-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1671162 - python-dns-lexicon-3.1.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1671162
--------------------------------------------------------------------------------
================================================================================
python-pycryptodomex-3.7.3-1.el7 (FEDORA-EPEL-2019-66d7540be9)
A self-contained cryptographic library for Python
--------------------------------------------------------------------------------
Update Information:
# 3.7.3 (19 January 2019) Resolved issues --------------- * GH#258: False
positive on PSS signatures when externally provided salt is too long. * Include
type stub files for ``Crypto.IO`` and ``Crypto.Util``. # 3.7.2 (26 November
2018) Resolved issues --------------- * GH#242: Fixed compilation problem on
ARM platforms. # 3.7.1 (25 November 2018) New features ------------ * Added
type stubs to enable static type checking with mypy. Thanks to Michael Nix. *
New ``update_after_digest`` flag for CMAC. Resolved issues --------------- *
GH#232: Fixed problem with gcc 4.x when compiling ``ghash_clmul.c``. * GH#238:
Incorrect digest value produced by CMAC after cloning the object. * Method
``update()`` of an EAX cipher object was returning the underlying CMAC object,
instead of the EAX object itself. * Method ``update()`` of a CMAC object was not
throwing an exception after the digest was computed (with ``digest()`` or
``verify()``).
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 15 2019 Mohamed El Morabity <melmorabity(a)fedoraproject.org> - 3.7.3-1
- Update to 3.7.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1667800 - python-pycryptodomex-3.7.3x is available
https://bugzilla.redhat.com/show_bug.cgi?id=1667800
--------------------------------------------------------------------------------