The following Fedora EPEL 7 Security updates need testing:
Age URL
71
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-1f259a45ef
openjpeg2-2.3.1-11.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-1405677543
putty-0.76-1.el7
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-b740c86692
prosody-0.11.10-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
CFR-0.151-4.el7
charliecloud-0.24-12.el7
classpathless-compiler-1.4-2.el7
golang-1.15.14-1.el7
nova-agent-2.1.24-1.el7
pspg-5.3.2-1.el7
siege-4.1.1-1.el7
Details about builds:
================================================================================
CFR-0.151-4.el7 (FEDORA-EPEL-2021-dc50722c10)
CFR - Another Java Decompiler
--------------------------------------------------------------------------------
Update Information:
Added Provides attributes serving as package aliases ---- Initial release
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
charliecloud-0.24-12.el7 (FEDORA-EPEL-2021-8f60b1a500)
Lightweight user-defined software stacks for high-performance computing
--------------------------------------------------------------------------------
Update Information:
Update Provides targets and Obsolete tags; replaced package name with macro;
tidied comments.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 5 2021 Jordan Ogas <jogas@lanl,gov> 0.24-12
- remove version numbers from Obsolete
- remove Provides tag
- replace package name with macro
- tidy
* Thu Jul 29 2021 Jordan Ogas <jogas(a)lanl.gov> 0.24-11
- move -builder to noarch
- move examples back to -doc
- add versions to obsoletes
- use name macro
* Wed Jul 28 2021 Jordan Ogas <jogas(a)lanl.gov> 0.24-10
- fix yet another typo; BuildRequires
* Wed Jul 28 2021 Jordan Ogas <jogas(a)lanl.gov> 0.24-9
- add version to obsoletes
* Wed Jul 28 2021 Jordan Ogas <jogas(a)lanl.gov> 0.24-8
- fix provides typo
* Wed Jul 28 2021 Jordan Ogas <jogas(a)lanl.gov> 0.24-7
- add -common to obsoletes and provides
* Wed Jul 28 2021 Jordan Ogas <jogas(a)lanl.gov> - 0.24-6
* revert to meta-package; separate builder to -builder
* Wed Jul 21 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.24-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Mon Jul 19 2021 Jordan Ogas <jogas(a)lanl.gov> - 0.24-4
- fix epel7 python cache files
* Mon Jul 19 2021 Jordan Ogas <jogas(a)lanl.gov> - 0.24-3
- Tidy, alphabatize files
- Move builder exlusive python files out from -common
- Move generic helper scripts to -common
- Add requires runtime to -builders
* Tue Jul 13 2021 Dave Love <loveshack(a)fedoraproject.org> - 0.24-2
- Obsolete previous packge by -runtime, not -common
* Wed Jun 30 2021 Dave Love <loveshack(a)fedoraproject.org> - 0.24-1
- New version
* Sun Apr 18 2021 Dave Love <loveshack(a)fedoraproject.org> - 0.23-1
- New version
- Split main package into runtime, builder, and common sub-packages
- Require buildah and squashfs at run time
- Use /lib, not /lib64 for noarch; drop lib64 patch
- Don't BR squashfs-tools, squashfuse, buildah
- Require squashfs-tools in -builders
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1985381 - ch-run-oci fails
https://bugzilla.redhat.com/show_bug.cgi?id=1985381
--------------------------------------------------------------------------------
================================================================================
classpathless-compiler-1.4-2.el7 (FEDORA-EPEL-2021-146416904c)
Tool for recompiling java sources with customizable class providers
--------------------------------------------------------------------------------
Update Information:
Fix BuildRequires on java-11-headless ---- Update to upstream version 1.4
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1977799 - Review Request: classpathless-compiler - Tool for recompiling java
sources with customizable class providers
https://bugzilla.redhat.com/show_bug.cgi?id=1977799
--------------------------------------------------------------------------------
================================================================================
golang-1.15.14-1.el7 (FEDORA-EPEL-2021-99c2d09762)
The Go Programming Language
--------------------------------------------------------------------------------
Update Information:
* Update to go1.15.14 * Fix crash in VDSO calls on ppc64le * Security fix for
CVE-2020-28851, CVE-2020-28852, CVE-2021-3114, CVE-2021-3115, CVE-2021-27918,
CVE-2021-31525, CVE-2021-33198, CVE-2021-33197, CVE-2021-33195 and
CVE-2021-34558
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 27 2021 Jakub ��ajka <jcajka(a)redhat.com> - 1.15.14-1
- Update to go1.15.14
- Fix crash in VDSO calls on ppc64le
- Security fix for CVE-2020-28851, CVE-2020-28852, CVE-2021-3114, CVE-2021-3115,
CVE-2021-27918, CVE-2021-31525, CVE-2021-33198, CVE-2021-33197, CVE-2021-33195 and
CVE-2021-34558
- Resolves: BZ#1913336, BZ#1913365, BZ#1918752, BZ#1918762, BZ#1937902, BZ#1958342,
BZ#1989576, BZ#1989571, BZ#1989565 and BZ#1986200
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1913333 - CVE-2020-28851
golang.org/x/text: Panic in
language.ParseAcceptLanguage while parsing -u- extension
https://bugzilla.redhat.com/show_bug.cgi?id=1913333
[ 2 ] Bug #1913338 - CVE-2020-28852
golang.org/x/text: Panic in
language.ParseAcceptLanguage while processing bcp47 tag
https://bugzilla.redhat.com/show_bug.cgi?id=1913338
[ 3 ] Bug #1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the
P-224 curve
https://bugzilla.redhat.com/show_bug.cgi?id=1918750
[ 4 ] Bug #1918761 - CVE-2021-3115 golang: cmd/go: packages using cgo can cause
arbitrary code execution at build time
https://bugzilla.redhat.com/show_bug.cgi?id=1918761
[ 5 ] Bug #1937901 - CVE-2021-27918 golang: encoding/xml: infinite loop when using
xml.NewTokenDecoder with a custom TokenReader
https://bugzilla.redhat.com/show_bug.cgi?id=1937901
[ 6 ] Bug #1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and
ReadResponse when reading a very large header
https://bugzilla.redhat.com/show_bug.cgi?id=1958341
[ 7 ] Bug #1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is
causing TLS client to panic
https://bugzilla.redhat.com/show_bug.cgi?id=1983596
[ 8 ] Bug #1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid
host names
https://bugzilla.redhat.com/show_bug.cgi?id=1989564
[ 9 ] Bug #1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards
connection headers if first one is empty
https://bugzilla.redhat.com/show_bug.cgi?id=1989570
[ 10 ] Bug #1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an
unrecoverable fatal error if passed inputs with very large exponents
https://bugzilla.redhat.com/show_bug.cgi?id=1989575
--------------------------------------------------------------------------------
================================================================================
nova-agent-2.1.24-1.el7 (FEDORA-EPEL-2021-ae44063f8a)
Agent for setting up clean servers on Xen
--------------------------------------------------------------------------------
Update Information:
Latest upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 5 2021 Sam P <survient(a)fedoraproject.org> - 2.1.24-1
- Updated to latest upstream release.
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.1.23-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 4 2021 Python Maint <python-maint(a)redhat.com> - 2.1.23-2
- Rebuilt for Python 3.10
--------------------------------------------------------------------------------
================================================================================
pspg-5.3.2-1.el7 (FEDORA-EPEL-2021-4bdaa8a117)
A unix pager optimized for psql
--------------------------------------------------------------------------------
Update Information:
new upstream release, per release notes:
https://github.com/okbob/pspg/releases/tag/5.3.2
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 5 2021 Pavel Raiskup <praiskup(a)redhat.com> - 5.3.2-1
- new upstream release, per release notes:
https://github.com/okbob/pspg/releases/tag/5.3.2
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.0.4-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1942439 - pspg-5.3.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1942439
--------------------------------------------------------------------------------
================================================================================
siege-4.1.1-1.el7 (FEDORA-EPEL-2021-6073cc9507)
HTTP regression testing and benchmarking utility
--------------------------------------------------------------------------------
Update Information:
2021/07/14 Jeffrey Fulmer
http://www.joedog.org/support/ * src/browser.c
Added HTTP response 201 handler * src/response.c Added Content-Location
handler * src/response.h Added CONTENT_LOCATION value * src/http.c
Added Content-Location parser * src/cfg.c Added an escape handler
for $ in URLs * src/eval.c Added function escape(str) to remove '\'
* src/ssl.c Put ERR_remove_state inside ssl version * src/url.c
Added fix for null path checking * src/util.c Fixed
np_phtread_usleep for Solaris * src/version.c Version increment: 4.1.1
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 5 2021 Denis Fateyev <denis(a)fateyev.com> - 4.1.1-1
- Update to 4.1.1 (#1979058)
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.0.9-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1979058 - siege-4.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1979058
--------------------------------------------------------------------------------