The following Fedora EPEL 7 Security updates need testing:
Age URL
250
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d
condor-8.6.11-1.el7
58
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-f8311ec8a2
tor-0.3.5.8-1.el7
52
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-9c2c40e3df
guacamole-server-1.0.0-1.el7
31
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-317c9a2f81
drupal7-7.65-1.el7
26
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d2c1368294
cinnamon-3.6.7-5.el7
24
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-f1efad2982
aria2-1.34.0-4.el7
18
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-50a6a1ddfd
afflib-3.7.18-2.el7
13
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-77190f3ef7
python34-3.4.10-1.el7
13
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-f8395a0247
transmission-2.94-6.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-6ea040e59b
hostapd-2.7-1.el7
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-ae064347d8
python3-jinja2-2.8.1-2.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
hub-2.11.2-1.el7
libmediainfo-18.12-3.el7
pam_radius-1.4.0-4.el7
Details about builds:
================================================================================
hub-2.11.2-1.el7 (FEDORA-EPEL-2019-be1883503f)
A command-line wrapper for git with github shortcuts
--------------------------------------------------------------------------------
Update Information:
Update to hub 2.11.1 * Fix writing over existing cache files in hub api * Allow
repository names that start with a - character * List api among custom hub
commands in help * Fix compatibility with git when run with no arguments: hub
--git-dir=.git * Fix issue/PR --format %L output in no-color mode * Create draft
pull requests with hub pull-request --draft * Fix non-draft pull requests for
certain repositories
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 22 2019 Stephen Gallagher <sgallagh(a)redhat.com> - 2.11.2-1
- Update to 2.11.2
- Avoid crash in hub remote argument parsing
- Fix `hub -C mydir merge <URL>` by propagating global git arguments to
Before/After chains
- Preserve tilde ~ character in man pages
* Fri Mar 29 2019 Stephen Gallagher <sgallagh(a)redhat.com> - 2.11.1-1
- Update to 2.11.1
- Fix compatibility with git when run with no arguments: hub --git-dir=.git
- Fix issue/PR --format %L output in no-color mode
- Create draft pull requests with hub pull-request --draft
- Fix non-draft pull requests for certain repositories
* Thu Mar 28 2019 Stephen Gallagher <sgallagh(a)redhat.com> - 2.10.1-1
- Update to 2.10.1
- Fix writing over existing cache files in hub api
- Allow repository names that start with a - character
- List api among custom hub commands in help
--------------------------------------------------------------------------------
================================================================================
libmediainfo-18.12-3.el7 (FEDORA-EPEL-2019-7fc4459823)
Library for supplies technical and tag information about a video or audio file
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2019-11372
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 22 2019 Vasiliy N. Glazov <vascom2(a)gmail.com> - 18.12-3
- Fix CVE-2019-11372
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 18.12-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1701849 - CVE-2019-11372 CVE-2019-11373 libmediainfo: various flaws
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1701849
[ 2 ] Bug #1701847 - CVE-2019-11372 CVE-2019-11373 libmediainfo: various flaws
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1701847
--------------------------------------------------------------------------------
================================================================================
pam_radius-1.4.0-4.el7 (FEDORA-EPEL-2019-489d75ec9c)
PAM Module for RADIUS Authentication
--------------------------------------------------------------------------------
Update Information:
Fix garbage password contents in add_password `add_password` does length
rounding prior to coyping the contents of the password buffer. This causes two
problems: 1. The hashed contents include trailing memory past the length of
the password. 2. The hashed contents will no longer be NULL-terminated.
Apply the following two upstream commits to fix: 1.
`6bae92df885602b2558333bdb6d2db67d1365683` 2.
`ac2c16774be593ebaa769b09c95722d08216cb95`
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 22 2019 Alexander Scheel <ascheel(a)redhat.com> - 1.4.0-4
- Fix NULL-termination of password buffer, garbage contents prior to hashing
--------------------------------------------------------------------------------