The following Fedora EPEL 7 Security updates need testing:
Age URL
220
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d
condor-8.6.11-1.el7
91
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b43fdd19c3
vcftools-0.1.16-1.el7
28
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-f8311ec8a2
tor-0.3.5.8-1.el7
22
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-9c2c40e3df
guacamole-server-1.0.0-1.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-3817296b2f
tcpreplay-4.3.2-1.el7
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-7e4233c554
mxml-3.0-1.el7
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c43166839f
pdns-4.1.7-1.el7
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-a578ca80ae
putty-0.71-1.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-317c9a2f81
drupal7-7.65-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
ansible-lint-3.5.1-1.el7
chromium-73.0.3683.75-2.el7
fts-3.8.4-2.el7
js-jsroot-5.6.4-1.el7
netdata-1.13.0-2.el7
python-rope-0.14.0-1.el7
s3fs-fuse-1.85-1.el7
wordpress-5.1.1-4.el7
Details about builds:
================================================================================
ansible-lint-3.5.1-1.el7 (FEDORA-EPEL-2019-35904ace3a)
Best practices checker for Ansible
--------------------------------------------------------------------------------
Update Information:
build 3.5.1 upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 21 2019 Parag Nemade <pnemade AT redhat DOT com> - 3.5.1-1
- build 3.5.1 upstream release
--------------------------------------------------------------------------------
================================================================================
chromium-73.0.3683.75-2.el7 (FEDORA-EPEL-2019-e15d1bbc7e)
A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:
Update to 73.0.3683.75. Fixes large bucket of CVEs. CVE-2019-5754 CVE-2019-5782
CVE-2019-5755 CVE-2019-5756 CVE-2019-5757 CVE-2019-5758 CVE-2019-5759
CVE-2019-5760 CVE-2019-5761 CVE-2019-5762 CVE-2019-5763 CVE-2019-5764
CVE-2019-5765 CVE-2019-5766 CVE-2019-5767 CVE-2019-5768 CVE-2019-5769
CVE-2019-5770 CVE-2019-5771 CVE-2019-5772 CVE-2019-5773 CVE-2019-5774
CVE-2019-5775 CVE-2019-5776 CVE-2019-5777 CVE-2019-5778 CVE-2019-5779
CVE-2019-5780 CVE-2019-5781 CVE-2019-5784 CVE-2019-5786 CVE-2019-5787
CVE-2019-5788 CVE-2019-5789 CVE-2019-5790 CVE-2019-5791 CVE-2019-5792
CVE-2019-5793 CVE-2019-5794 CVE-2019-5795 CVE-2019-5796 CVE-2019-5797
CVE-2019-5798 CVE-2019-5799 CVE-2019-5800 CVE-2019-5802 CVE-2019-5803
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 19 2019 Tom Callaway <spot(a)fedoraproject.org> - 73.0.3683.75-2
- do not include pyproto/protoc files in package
* Tue Mar 12 2019 Tom Callaway <spot(a)fedoraproject.org> - 73.0.3683.75-1
- update to 73.0.3683.75
* Sat Mar 9 2019 Tom Callaway <spot(a)fedoraproject.org> - 72.0.3626.121-1
- update to 72.0.3626.121
* Tue Feb 26 2019 Tom Callaway <spot(a)fedoraproject.org> - 71.0.3578.98-5
- rebuild for libva api change
* Thu Jan 31 2019 Fedora Release Engineering <releng(a)fedoraproject.org> -
71.0.3578.98-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 21 2019 Tom Callaway <spot(a)fedoraproject.org> - 71.0.3578.98-3
- rebuild with widevine fix
* Tue Jan 8 2019 Tom Callaway <spot(a)fedoraproject.org> - 71.0.3578.98-2
- drop rsp clobber, which breaks gcc9 (thanks to Jeff Law)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1688206 - CVE-2019-5804 chromium-browser: Command line command injection on
Windows
https://bugzilla.redhat.com/show_bug.cgi?id=1688206
[ 2 ] Bug #1688205 - CVE-2019-5803 chromium-browser: CSP bypass with Javascript
URLs'
https://bugzilla.redhat.com/show_bug.cgi?id=1688205
[ 3 ] Bug #1688204 - CVE-2019-5802 chromium-browser: Security UI spoofing
https://bugzilla.redhat.com/show_bug.cgi?id=1688204
[ 4 ] Bug #1688203 - CVE-2019-5801 chromium-browser: Incorrect Omnibox display on iOS
https://bugzilla.redhat.com/show_bug.cgi?id=1688203
[ 5 ] Bug #1688202 - CVE-2019-5800 chromium-browser: CSP bypass with blob URL
https://bugzilla.redhat.com/show_bug.cgi?id=1688202
[ 6 ] Bug #1688201 - CVE-2019-5799 chromium-browser: CSP bypass with blob URL
https://bugzilla.redhat.com/show_bug.cgi?id=1688201
[ 7 ] Bug #1688200 - CVE-2019-5798 chromium-browser: Out of bounds read in Skia
https://bugzilla.redhat.com/show_bug.cgi?id=1688200
[ 8 ] Bug #1688199 - CVE-2019-5797 chromium-browser: Race condition in DOMStorage
https://bugzilla.redhat.com/show_bug.cgi?id=1688199
[ 9 ] Bug #1688198 - CVE-2019-5796 chromium-browser: Race condition in Extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1688198
[ 10 ] Bug #1688197 - CVE-2019-5795 chromium-browser: Integer overflow in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1688197
[ 11 ] Bug #1688196 - CVE-2019-5794 chromium-browser: Security UI spoofing
https://bugzilla.redhat.com/show_bug.cgi?id=1688196
[ 12 ] Bug #1688195 - CVE-2019-5793 chromium-browser: Excessive permissions for private
API in Extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1688195
[ 13 ] Bug #1688194 - CVE-2019-5792 chromium-browser: Integer overflow in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1688194
[ 14 ] Bug #1688193 - CVE-2019-5791 chromium-browser: Type confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1688193
[ 15 ] Bug #1688192 - CVE-2019-5790 chromium-browser: Heap buffer overflow in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1688192
[ 16 ] Bug #1688191 - CVE-2019-5789 chromium-browser: Use after free in WebMIDI
https://bugzilla.redhat.com/show_bug.cgi?id=1688191
[ 17 ] Bug #1688190 - CVE-2019-5788 chromium-browser: Use after free in FileAPI
https://bugzilla.redhat.com/show_bug.cgi?id=1688190
[ 18 ] Bug #1688189 - CVE-2019-5787 chromium-browser: Use after free in Canvas
https://bugzilla.redhat.com/show_bug.cgi?id=1688189
[ 19 ] Bug #1685162 - CVE-2019-5786 chromium-browser: Use-after-free in FileReader
https://bugzilla.redhat.com/show_bug.cgi?id=1685162
[ 20 ] Bug #1676527 - CVE-2019-5784 chromium-browser: Inappropriate implementation in
V8
https://bugzilla.redhat.com/show_bug.cgi?id=1676527
[ 21 ] Bug #1670764 - CVE-2019-5780 chromium-browser: Insufficient policy enforcement
https://bugzilla.redhat.com/show_bug.cgi?id=1670764
[ 22 ] Bug #1670763 - CVE-2019-5779 chromium-browser: Insufficient policy enforcement in
ServiceWorker
https://bugzilla.redhat.com/show_bug.cgi?id=1670763
[ 23 ] Bug #1670762 - CVE-2019-5778 chromium-browser: Insufficient policy enforcement in
Extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1670762
[ 24 ] Bug #1670761 - CVE-2019-5777 chromium-browser: Insufficient policy enforcement in
Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1670761
[ 25 ] Bug #1670760 - CVE-2019-5776 chromium-browser: Insufficient policy enforcement in
Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1670760
[ 26 ] Bug #1670759 - CVE-2019-5775 chromium-browser: Insufficient policy enforcement in
Omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1670759
[ 27 ] Bug #1670758 - CVE-2019-5774 chromium-browser: Insufficient validation of
untrusted input in SafeBrowsing
https://bugzilla.redhat.com/show_bug.cgi?id=1670758
[ 28 ] Bug #1670757 - CVE-2019-5773 chromium-browser: Insufficient data validation in
IndexedDB
https://bugzilla.redhat.com/show_bug.cgi?id=1670757
[ 29 ] Bug #1670756 - CVE-2019-5772 chromium-browser: Use after free in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1670756
[ 30 ] Bug #1670755 - CVE-2019-5771 chromium-browser: Heap buffer overflow in
SwiftShader
https://bugzilla.redhat.com/show_bug.cgi?id=1670755
[ 31 ] Bug #1670754 - CVE-2019-5770 chromium-browser: Heap buffer overflow in WebGL
https://bugzilla.redhat.com/show_bug.cgi?id=1670754
[ 32 ] Bug #1670753 - CVE-2019-5769 chromium-browser: Insufficient validation of
untrusted input in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1670753
[ 33 ] Bug #1670752 - CVE-2019-5768 chromium-browser: Insufficient policy enforcement in
DevTools
https://bugzilla.redhat.com/show_bug.cgi?id=1670752
[ 34 ] Bug #1670751 - CVE-2019-5767 chromium-browser: Incorrect security UI in WebAPKs
https://bugzilla.redhat.com/show_bug.cgi?id=1670751
[ 35 ] Bug #1670750 - CVE-2019-5766 chromium-browser: Insufficient policy enforcement in
Canvas
https://bugzilla.redhat.com/show_bug.cgi?id=1670750
[ 36 ] Bug #1670749 - CVE-2019-5765 chromium-browser: Insufficient policy enforcement in
the browser
https://bugzilla.redhat.com/show_bug.cgi?id=1670749
[ 37 ] Bug #1670748 - CVE-2019-5764 chromium-browser: Use after free in WebRTC
https://bugzilla.redhat.com/show_bug.cgi?id=1670748
[ 38 ] Bug #1670747 - CVE-2019-5763 chromium-browser: Insufficient validation of
untrusted input in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1670747
[ 39 ] Bug #1670746 - CVE-2019-5762 chromium-browser: Use after free in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1670746
[ 40 ] Bug #1670745 - CVE-2019-5761 chromium-browser: Use after free in SwiftShader
https://bugzilla.redhat.com/show_bug.cgi?id=1670745
[ 41 ] Bug #1670744 - CVE-2019-5760 chromium-browser: Use after free in WebRTC
https://bugzilla.redhat.com/show_bug.cgi?id=1670744
[ 42 ] Bug #1670743 - CVE-2019-5759 chromium-browser: Use after free in HTML select
elements
https://bugzilla.redhat.com/show_bug.cgi?id=1670743
[ 43 ] Bug #1670742 - CVE-2019-5758 chromium-browser: Use after free in Blink
https://bugzilla.redhat.com/show_bug.cgi?id=1670742
[ 44 ] Bug #1670741 - CVE-2019-5757 chromium-browser: Type Confusion in SVG
https://bugzilla.redhat.com/show_bug.cgi?id=1670741
[ 45 ] Bug #1670740 - CVE-2019-5756 chromium-browser: Use after free in PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1670740
[ 46 ] Bug #1670739 - CVE-2019-5755 chromium-browser: Inappropriate implementation in
V8
https://bugzilla.redhat.com/show_bug.cgi?id=1670739
[ 47 ] Bug #1670738 - CVE-2019-5782 chromium-browser: Inappropriate implementation in
V8
https://bugzilla.redhat.com/show_bug.cgi?id=1670738
[ 48 ] Bug #1670737 - CVE-2019-5754 chromium-browser: Inappropriate implementation in
QUIC Networking
https://bugzilla.redhat.com/show_bug.cgi?id=1670737
--------------------------------------------------------------------------------
================================================================================
fts-3.8.4-2.el7 (FEDORA-EPEL-2019-6c7c4c1381)
File Transfer Service V3
--------------------------------------------------------------------------------
Update Information:
* new upstream release ---- * new upstream release ---- * new upstream
release
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 22 2019 Andrea Manzi <amanzi(a)cern.ch> - 3.8.4-2
- New upstream release
* Tue Mar 19 2019 Andrea Manzi <amanzi(a)cern.ch> - 3.8.4-1
- New upstream release
* Fri Feb 22 2019 Andrea Manzi <amanzi(a)cern.ch> - 3.8.3-1
- New upstream release
* Thu Jan 31 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.7.8-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Nov 21 2018 Igor Gnatenko <ignatenkobrain(a)fedoraproject.org> - 3.7.8-3
- Rebuild for protobuf 3.6
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.7.8-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
js-jsroot-5.6.4-1.el7 (FEDORA-EPEL-2019-1ae8130a8d)
JavaScript ROOT - Interactive numerical data analysis graphics
--------------------------------------------------------------------------------
Update Information:
jsroot 5.6.4
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 22 2019 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 5.6.4-1
- Update to version 5.6.4
--------------------------------------------------------------------------------
================================================================================
netdata-1.13.0-2.el7 (FEDORA-EPEL-2019-36a152fd9b)
Real-time performance monitoring
--------------------------------------------------------------------------------
Update Information:
Fix bash and sh path on el6 ---- Update from upstream ---- Fix upstream
archive name (source0)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1684719 - Review Request: netdata - Real-time performance monitoring
https://bugzilla.redhat.com/show_bug.cgi?id=1684719
--------------------------------------------------------------------------------
================================================================================
python-rope-0.14.0-1.el7 (FEDORA-EPEL-2019-a9c8bdf564)
Python Code Refactoring Library
--------------------------------------------------------------------------------
Update Information:
Update to the upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 23 2019 Mat��j Cepl <mcepl(a)cepl.eu> - 0.14.0-1
- Update to the latest upstream release.
- Change license from GPLv2+ to LGPLv3+
* Fri Mar 8 2019 Troy Dawson <tdawson(a)redhat.com> - 0.12.0-2
- Rebuilt to change main python from 3.4 to 3.6
* Mon Feb 11 2019 Mat��j Cepl <mcepl(a)cepl.eu> - 0.12.0-1
- Update to the latest upstream release.
* Sat Feb 2 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.11.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Sun Oct 28 2018 Mukundan Ragavan <nonamedotc(a)fedoraproject.org> - 0.11.0-2
- Drop python2 package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1691954 - python-rope-0.14.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1691954
--------------------------------------------------------------------------------
================================================================================
s3fs-fuse-1.85-1.el7 (FEDORA-EPEL-2019-af0f687e70)
FUSE-based file system backed by Amazon S3
--------------------------------------------------------------------------------
Update Information:
Fix cross building (
https://github.com/s3fs-fuse/s3fs-fuse/pull/985) Update to
1.85 (Full changelog:
https://github.com/s3fs-fuse/s3fs-fuse/releases/tag/v1.85)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 12 2019 Julio Gonzalez Gil <git(a)juliogonzalez.es> - 1.85-1
- Fix cross building (
https://github.com/s3fs-fuse/s3fs-fuse/pull/985)
* 985-fix-cross-building.patch
- Support Curl lower than 7.25 (CentOS6)
(
https://github.com/s3fs-fuse/s3fs-fuse/pull/987)
* 987-support-curl-lt-7-25.patch
- Update to 1.85 from
https://github.com/s3fs-fuse/s3fs-fuse
Full changelog:
https://github.com/s3fs-fuse/s3fs-fuse/releases/tag/v1.85
* Sat Feb 2 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.84-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
wordpress-5.1.1-4.el7 (FEDORA-EPEL-2019-15679bf3f9)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
Fix empty wp-tinymce.js.gz and missing wp-tinymce.js ---- Upstream
announcement: [WordPress 5.1.1 Security and Maintenance
Release](https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-
maintenance-release/)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 22 2019 Remi Collet <remi(a)remirepo.net> - 5.1.1-4
- fix wp-tinymce.js is missing, wp-tinymce.js.gz is empty #1691524
* Wed Mar 13 2019 Remi Collet <remi(a)remirepo.net> - 5.1.1-1
- WordPress 5.1.1 Security and Maintenance Release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1691524 - wp-tinymce.js.gz is empty
https://bugzilla.redhat.com/show_bug.cgi?id=1691524
--------------------------------------------------------------------------------