The following Fedora EPEL 7 Security updates need testing:
Age URL
844
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
606
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
188
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d
libbsd-0.8.3-1.el7
86
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe
mod_cluster-1.3.3-10.el7
84
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5f9a6163b4
tnef-1.4.14-1.el7
83
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7ecb12e378
python-XStatic-jquery-ui-1.12.0.1-1.el7
18
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4aae1e22f1
lxc-1.0.10-2.el7
14
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d9786818e4
python-nbxmpp-0.5.6-1.el7 gajim-0.16.8-1.el7
10
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-30baf73207
chromium-59.0.3071.104-1.el7
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-abfcb66c76
python-djblets-0.9.8-1.el7 ReviewBoard-2.5.13.1-1.el7
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5ab90c7180
zabbix20-2.0.21-1.el7
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-eb357ac3b3
zabbix22-2.2.18-1.el7
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7c2e699925
catdoc-0.95-1.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-52b6bc17c1
globus-xio-5.16-1.el7 globus-net-manager-0.17-1.el7 globus-gass-cache-program-6.7-1.el7
globus-gass-copy-9.27-1.el7 globus-gssapi-gsi-12.16-1.el7
globus-gram-job-manager-14.36-1.el7 globus-gridftp-server-12.2-1.el7 globus-io-11.9-1.el7
globus-xio-gsi-driver-3.11-1.el7 globus-xio-pipe-driver-3.10-1.el7
globus-xio-udt-driver-1.27-1.el7 myproxy-6.1.28-1.el7 globus-ftp-client-8.35-2.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-bcfa38e123
drupal7-7.56-1.el7
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-1ee32a5ffa
libtomcrypt-1.17-25.el7 libtommath-0.42.0-5.el7
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-2b04537603
phpMyAdmin-4.4.15.10-2.el7
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-2ba20eeb97
php-horde-Horde-Image-2.5.1-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-a8886eb42e
cross-binutils-2.25.1-31.el7.1 cross-gcc-4.8.5-16.el7.1
The following builds have been pushed to Fedora EPEL 7 updates-testing
cherrytree-0.38.1-1.el7
cross-binutils-2.25.1-31.el7.1
cross-gcc-4.8.5-16.el7.1
fedmsg-0.18.4-1.el7
grip-3.4.2-2.el7
nagios-4.3.2-5.el7
nodejs-6.11.0-1.el7
picard-1.3.2-7.el7
python-libdiscid-0.4.1-11.el7
python-mutagen-1.38-2.el7
python-tambo-0.4.0-1.el7
rpkg-1.49-5.el7
youtube-dl-2017.06.25-1.el7
Details about builds:
================================================================================
cherrytree-0.38.1-1.el7 (FEDORA-EPEL-2017-9ae320ed1c)
Hierarchical note taking application
--------------------------------------------------------------------------------
Update Information:
update to latest version 0.38.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1460404 - cherrytree-0.38.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1460404
--------------------------------------------------------------------------------
================================================================================
cross-binutils-2.25.1-31.el7.1 (FEDORA-EPEL-2017-a8886eb42e)
A GNU collection of cross-compilation binary utilities
--------------------------------------------------------------------------------
Update Information:
Rebase cross-gcc and cross-binutils.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 27 2017 Lubomir Rintel <lkundrak(a)v3.s> - 2.25.1-31.1
- Align with RHEL7 binutils
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1162664 - cross-binutils: binutils: directory traversal vulnerability
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162664
[ 2 ] Bug #1162629 - CVE-2014-8504 cross-binutils: binutils: stack overflow in the SREC
parser [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162629
[ 3 ] Bug #1162618 - CVE-2014-8503 cross-binutils: binutils: stack overflow in objdump
when parsing specially crafted ihex file [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162618
[ 4 ] Bug #1162605 - CVE-2014-8502 cross-binutils: binutils: heap overflow in objdump
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162605
[ 5 ] Bug #1162582 - CVE-2014-8501 cross-binutils: binutils: out-of-bounds write when
parsing specially crafted PE executable [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162582
[ 6 ] Bug #1440669 - Rebase cross-gcc on EPEL with latest RHEL-7 gcc sources
https://bugzilla.redhat.com/show_bug.cgi?id=1440669
--------------------------------------------------------------------------------
================================================================================
cross-gcc-4.8.5-16.el7.1 (FEDORA-EPEL-2017-a8886eb42e)
Cross C compiler
--------------------------------------------------------------------------------
Update Information:
Rebase cross-gcc and cross-binutils.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1162664 - cross-binutils: binutils: directory traversal vulnerability
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162664
[ 2 ] Bug #1162629 - CVE-2014-8504 cross-binutils: binutils: stack overflow in the SREC
parser [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162629
[ 3 ] Bug #1162618 - CVE-2014-8503 cross-binutils: binutils: stack overflow in objdump
when parsing specially crafted ihex file [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162618
[ 4 ] Bug #1162605 - CVE-2014-8502 cross-binutils: binutils: heap overflow in objdump
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162605
[ 5 ] Bug #1162582 - CVE-2014-8501 cross-binutils: binutils: out-of-bounds write when
parsing specially crafted PE executable [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1162582
[ 6 ] Bug #1440669 - Rebase cross-gcc on EPEL with latest RHEL-7 gcc sources
https://bugzilla.redhat.com/show_bug.cgi?id=1440669
--------------------------------------------------------------------------------
================================================================================
fedmsg-0.18.4-1.el7 (FEDORA-EPEL-2017-c5c246bcea)
Tools for Fedora Infrastructure real-time messaging
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release (#1465692).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1465692 - fedmsg-0.18.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1465692
--------------------------------------------------------------------------------
================================================================================
grip-3.4.2-2.el7 (FEDORA-EPEL-2017-23cbab3e02)
Front-end for CD rippers and Ogg Vorbis encoders
--------------------------------------------------------------------------------
Update Information:
Updated to 3.4.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1455353 - Update grip to 3.4.1
https://bugzilla.redhat.com/show_bug.cgi?id=1455353
--------------------------------------------------------------------------------
================================================================================
nagios-4.3.2-5.el7 (FEDORA-EPEL-2017-a6bf582624)
Host/service/network monitoring program
--------------------------------------------------------------------------------
Update Information:
Added fix for selinux from Patrick Uiterwijk ---- Update to latest in git
---- Updated from 4.3.1 maint to 4.3.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1005974 - nagios-4.3.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1005974
[ 2 ] Bug #1084934 - Unable to reload nagios under systemd
https://bugzilla.redhat.com/show_bug.cgi?id=1084934
[ 3 ] Bug #1201849 - Support an environment file in the systemd unit file
https://bugzilla.redhat.com/show_bug.cgi?id=1201849
[ 4 ] Bug #1218320 - Install the Nagios checkresults directory with group-writable
permissions
https://bugzilla.redhat.com/show_bug.cgi?id=1218320
[ 5 ] Bug #1426816 - Nagios RPM 4.2.4 forgot to reload systemd in postinstall
https://bugzilla.redhat.com/show_bug.cgi?id=1426816
[ 6 ] Bug #1428111 - Broken links in the View Trends and the View Histogram menu
https://bugzilla.redhat.com/show_bug.cgi?id=1428111
--------------------------------------------------------------------------------
================================================================================
nodejs-6.11.0-1.el7 (FEDORA-EPEL-2017-08a356e92b)
JavaScript runtime
--------------------------------------------------------------------------------
Update Information:
Update to new version.
--------------------------------------------------------------------------------
================================================================================
picard-1.3.2-7.el7 (FEDORA-EPEL-2017-6ba86beae7)
MusicBrainz-based audio tagger
--------------------------------------------------------------------------------
Update Information:
Package reintroduced into EPEL7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1440898 - Introduce picard to EPEL-7
https://bugzilla.redhat.com/show_bug.cgi?id=1440898
[ 2 ] Bug #1379033 - Picard doesn't start due to change in mutagen, throws
BitPaddedInt import error
https://bugzilla.redhat.com/show_bug.cgi?id=1379033
--------------------------------------------------------------------------------
================================================================================
python-libdiscid-0.4.1-11.el7 (FEDORA-EPEL-2017-23126650f2)
Python bindings for libdiscid
--------------------------------------------------------------------------------
Update Information:
Port to EPEL7 (and old Sphinx; RHBZ 1190344)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1190344 - python-mutagen conflicts with RHEL6/7 base
https://bugzilla.redhat.com/show_bug.cgi?id=1190344
--------------------------------------------------------------------------------
================================================================================
python-mutagen-1.38-2.el7 (FEDORA-EPEL-2017-23126650f2)
Mutagen is a Python module to handle audio meta-data
--------------------------------------------------------------------------------
Update Information:
Port to EPEL7 (and old Sphinx; RHBZ 1190344)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1190344 - python-mutagen conflicts with RHEL6/7 base
https://bugzilla.redhat.com/show_bug.cgi?id=1190344
--------------------------------------------------------------------------------
================================================================================
python-tambo-0.4.0-1.el7 (FEDORA-EPEL-2017-76ab6036a0)
A command line object dispatcher
--------------------------------------------------------------------------------
Update Information:
First EPEL 7 release
--------------------------------------------------------------------------------
================================================================================
rpkg-1.49-5.el7 (FEDORA-EPEL-2017-5e3229c7b2)
Python library for interacting with rpm+git
--------------------------------------------------------------------------------
Update Information:
* remove dependency on `python-osbs` * add support for namespaces in `--module-
name` argument
--------------------------------------------------------------------------------
================================================================================
youtube-dl-2017.06.25-1.el7 (FEDORA-EPEL-2017-a42a2c9c1f)
A small command-line program to download online videos
--------------------------------------------------------------------------------
Update Information:
Upstream update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1458621 - youtube-dl-2017.06.25 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1458621
--------------------------------------------------------------------------------