The following Fedora EPEL 7 Security updates need testing:
Age URL
887
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
649
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
231
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d
libbsd-0.8.3-1.el7
129
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe
mod_cluster-1.3.3-10.el7
127
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5f9a6163b4
tnef-1.4.14-1.el7
126
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7ecb12e378
python-XStatic-jquery-ui-1.12.0.1-1.el7
29
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-47be021843
heimdal-7.4.0-1.el7
28
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-a8886eb42e
cross-binutils-2.27-9.el7.1 cross-gcc-4.8.5-16.el7.1
19
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c4e53cc90d
chicken-4.12.0-3.el7
16
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-b50572c103
sscep-0.6.1-5.20160525git2052ee1.el7
14
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4908d32c3c
python-dbusmock-0.11.1-6.el7
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-017fbc40e8
supervisor-3.1.4-1.el7
10
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-52b6bc17c1
globus-ftp-client-8.36-1.el7 globus-ftp-control-7.8-1.el7
globus-gass-cache-program-6.7-1.el7 globus-gass-copy-9.27-1.el7
globus-gram-client-13.19-1.el7 globus-gram-job-manager-14.36-1.el7
globus-gram-job-manager-condor-2.6-5.el7 globus-gridftp-server-12.2-1.el7
globus-gridftp-server-control-5.1-1.el7 globus-gssapi-gsi-12.17-3.el7 globus-io-11.9-1.el7
globus-net-manager-0.17-1.el7 globus-xio-5.16-1.el7 globus-xio-gsi-driver-3.11-1.el7
globus-xio-pipe-driver-3.10-1.el7 globus-xio-udt-driver-1.28-1.el7 myproxy-6.1.28-1.el7
10
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-37e736147d
knot-2.5.3-2.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-94c168d702
php-horde-Horde-Core-2.30.0-1.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7d6b89ab36
php-horde-Horde-Form-2.0.18-1.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-359039e1f1
php-horde-Horde-Url-2.2.6-1.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-aebd466ffa
php-horde-horde-5.2.16-1.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-531b8ee43e
php-horde-kronolith-4.2.22-1.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-055fdcdee7
php-horde-nag-4.2.15-1.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-bad0726ae5
php-horde-turba-4.2.20-1.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-886e003d48
gsoap-2.8.16-9.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8683c5e591
potrace-1.15-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-816da4b59a
ReviewBoard-2.5.15-1.el7 python-djblets-0.9.9-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-b69fde3111
mingw-libsoup-2.56.1-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-a1d2b25c25
php-PHPMailer-5.2.24-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-9bf7bf3989
mingw-gdk-pixbuf-2.36.8-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
ReviewBoard-2.5.15-1.el7
bodhi-2.9.0-3.el7
composer-1.5.1-1.el7
fedrepo-req-0.6.0-1.el7
fedrepo-req-1.0.0-1.el7
grip-3.5.2-1.el7
icecream-1.1-1.el7
libgit2-0.24.6-2.el7
libgpod-0.8.3-15.el7
mingw-gdk-pixbuf-2.36.8-1.el7
mingw-glib2-2.50.3-1.el7
mingw-libsoup-2.56.1-1.el7
mirrormanager2-0.8.1-1.el7
notification-daemon-3.20.0-1.el7
pdc-updater-0.6.0-1.el7
php-PHPMailer-5.2.24-1.el7
python-aiosmtpd-1.0-2.el7
python-datanommer-models-0.8.1-1.el7
python-djblets-0.9.9-1.el7
python-fedmsg-meta-fedora-infrastructure-0.19.0-1.el7
python-process-tests-1.0.0-9.el7
python-responses-0.5.1-6.el7
python-robosignatory-0.4.0-1.el7
python-ruamel-yaml-0.13.14-1.el7
python-urllib2_kerberos-0.1.6-22.el7
root-6.10.04-1.el7
ucarp-1.5.2-20.el7
xlockmore-5.55-1.el7
xnec2c-3.5.1-1.el7
xrdp-0.9.3-1.el7
Details about builds:
================================================================================
ReviewBoard-2.5.15-1.el7 (FEDORA-EPEL-2017-816da4b59a)
Web-based code review tool
--------------------------------------------------------------------------------
Update Information:
https://www.reviewboard.org/docs/releasenotes/reviewboard/2.5.14/ Start using
Pygments 2.2 for syntax highlighting
--------------------------------------------------------------------------------
================================================================================
bodhi-2.9.0-3.el7 (FEDORA-EPEL-2017-5344219d81)
A modular framework that facilitates publishing software updates
--------------------------------------------------------------------------------
Update Information:
Update to [
2.9.0](https://github.com/fedora-infra/bodhi/releases/tag/2.9.0).
Depend on filesystem instead of bash-completion. bodhi-server now depends on
bodhi-client.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1477579 - bodhi-2.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1477579
[ 2 ] Bug #1479341 - bodhi-client ��� 2.9.0 hard-requires bash-completion
https://bugzilla.redhat.com/show_bug.cgi?id=1479341
[ 3 ] Bug #1479456 - bodhi-manage-releases needs bodhi-client, but bodhi-server
doesn't require bodhi-client
https://bugzilla.redhat.com/show_bug.cgi?id=1479456
--------------------------------------------------------------------------------
================================================================================
composer-1.5.1-1.el7 (FEDORA-EPEL-2017-c8249e8195)
Dependency Manager for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 1.5.1** - 2017-08-09 * Fixed regression in GitLabDriver with repos
containing >100 branches or tags * Fixed sub-directory call support to respect
the COMPOSER env var ---- **Version 1.5.0** - 2017-08-08 * Changed the
package install order to ensure that plugins are always installed as soon as
possible * Added ability to call composer from within sub-directories of a
project * Added support for GitLab API v4 * Added support for GitLab sub-
groups * Added some more rules to composer validate * Added support for
reading the `USER` env when guessing the username in `composer init` * Added
warning when uncompressing files with the same name but difference cases on case
insensitive filesystems * Added `htaccess-protect` option /
`COMPOSER_HTACCESS_PROTECT` env var to disable the .htaccess creation in home
dir (defaults to true) * Improved `clear-cache` command * Minor
improvements/fixes and many documentation updates ---- **Version 1.4.3** -
2017-08-06 * Fixed GitLab URLs * Fixed root package version detection using
latest git versions * Fixed inconsistencies in date format in composer.lock
when installing from source * Fixed Mercurial support regression * Fixed
exclude-from-classmap not being applied when autoloading files for Composer
plugins * Fixed exclude-from-classmap being ignored when cwd has the wrong
case on case insensitive filesystems * Fixed several other minor issues
--------------------------------------------------------------------------------
================================================================================
fedrepo-req-0.6.0-1.el7 (FEDORA-EPEL-2017-be73cac04d)
CLI for Fedora package repo requests
--------------------------------------------------------------------------------
Update Information:
Initial release
--------------------------------------------------------------------------------
================================================================================
fedrepo-req-1.0.0-1.el7 (FEDORA-EPEL-2017-69b805f150)
CLI for Fedora package repo requests
--------------------------------------------------------------------------------
Update Information:
Initial release ---- Initial Release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1469331 - Review Request: fedrepo-req - A CLI tool that provides an easy way
to submit ticket requests for packaging tasks in Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=1469331
--------------------------------------------------------------------------------
================================================================================
grip-3.5.2-1.el7 (FEDORA-EPEL-2017-da95d6f166)
Front-end for CD rippers and Ogg Vorbis encoders
--------------------------------------------------------------------------------
Update Information:
Updated to 3.5.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1476533 - grip-3.5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1476533
--------------------------------------------------------------------------------
================================================================================
icecream-1.1-1.el7 (FEDORA-EPEL-2017-19060c83ec)
Distributed compiler
--------------------------------------------------------------------------------
Update Information:
Icecream is a distributed compile system. It allows parallel compiling by
distributing the compile jobs to several nodes of a compile network running the
icecc daemon. The icecc scheduler routes the jobs and provides status and
statistics information to the icecc monitor. Each compile node can accept one or
more compile jobs depending on the number of processors and the settings of the
daemon. Link jobs and other jobs which cannot be distributed are executed
locally on the node where the compilation is started.
--------------------------------------------------------------------------------
================================================================================
libgit2-0.24.6-2.el7 (FEDORA-EPEL-2017-8c63ac9cba)
C implementation of the Git core methods as a library with a solid API
--------------------------------------------------------------------------------
Update Information:
Drop 0.21.5 ABI compat All reverse dependencies are now using the 0.24 ABI.
This allows us to drop the old ABI compatibility libraries.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1434892 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1434892
--------------------------------------------------------------------------------
================================================================================
libgpod-0.8.3-15.el7 (FEDORA-EPEL-2017-87f6cddc6b)
Library to access the contents of an iPod
--------------------------------------------------------------------------------
Update Information:
Rebuild for libimobiledevice 1.2 in RHEL 7.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1455268 - libgpod from EPEL cause conflicts with other pkgs from el7
https://bugzilla.redhat.com/show_bug.cgi?id=1455268
--------------------------------------------------------------------------------
================================================================================
mingw-gdk-pixbuf-2.36.8-1.el7 (FEDORA-EPEL-2017-9bf7bf3989)
MinGW Windows GDK Pixbuf library
--------------------------------------------------------------------------------
Update Information:
Security update for integer multiplication overflow in DecodeHeader function in
io-bmp.c
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1480599 - mingw-gdk-pixbuf: gdk-pixbuf: integer multiplication overflow in
DecodeHeader function in io-bmp.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1480599
--------------------------------------------------------------------------------
================================================================================
mingw-glib2-2.50.3-1.el7 (FEDORA-EPEL-2017-235363fdff)
MinGW Windows GLib2 library
--------------------------------------------------------------------------------
Update Information:
MinGW cross compiled glib 2.50.3 release.
--------------------------------------------------------------------------------
================================================================================
mingw-libsoup-2.56.1-1.el7 (FEDORA-EPEL-2017-b69fde3111)
MinGW library for HTTP and XML-RPC functionality
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2017-2885 (stack based buffer overflow with HTTP Chunked
Encoding).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1480239 - CVE-2017-2885 mingw-libsoup: libsoup: Stack based buffer overflow
with HTTP Chunked Encoding [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1480239
--------------------------------------------------------------------------------
================================================================================
mirrormanager2-0.8.1-1.el7 (FEDORA-EPEL-2017-d31a96b242)
Mirror management application
--------------------------------------------------------------------------------
Update Information:
Update to 0.8.1
--------------------------------------------------------------------------------
================================================================================
notification-daemon-3.20.0-1.el7 (FEDORA-EPEL-2017-bf83bfdf15)
Desktop Notification Daemon
--------------------------------------------------------------------------------
Update Information:
Update for GNOME 3.22 (RHEL 7.4)
--------------------------------------------------------------------------------
================================================================================
pdc-updater-0.6.0-1.el7 (FEDORA-EPEL-2017-bffcbf6969)
Update the product definition center in response to fedmsg
--------------------------------------------------------------------------------
Update Information:
Latest upstream.
--------------------------------------------------------------------------------
================================================================================
php-PHPMailer-5.2.24-1.el7 (FEDORA-EPEL-2017-a1d2b25c25)
PHP email transport class with a lot of features
--------------------------------------------------------------------------------
Update Information:
Update to 5.2.24: fixes XSS vulnerability CVE-2017-11503.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1474416 - CVE-2017-11503 phpmailer: XSS in code_generator.php
https://bugzilla.redhat.com/show_bug.cgi?id=1474416
--------------------------------------------------------------------------------
================================================================================
python-aiosmtpd-1.0-2.el7 (FEDORA-EPEL-2017-e7c642c1e3)
Asyncio-based SMTP server
--------------------------------------------------------------------------------
Update Information:
New package.
--------------------------------------------------------------------------------
================================================================================
python-datanommer-models-0.8.1-1.el7 (FEDORA-EPEL-2017-38d313d00c)
SQLAlchemy models for datanommer
--------------------------------------------------------------------------------
Update Information:
Add a forgotten DB migration:
https://github.com/fedora-
infra/datanommer/pull/94
--------------------------------------------------------------------------------
================================================================================
python-djblets-0.9.9-1.el7 (FEDORA-EPEL-2017-816da4b59a)
A collection of useful classes and functions for Django
--------------------------------------------------------------------------------
Update Information:
https://www.reviewboard.org/docs/releasenotes/reviewboard/2.5.14/ Start using
Pygments 2.2 for syntax highlighting
--------------------------------------------------------------------------------
================================================================================
python-fedmsg-meta-fedora-infrastructure-0.19.0-1.el7 (FEDORA-EPEL-2017-7ec890136b)
Metadata providers for Fedora Infrastructure's fedmsg deployment
--------------------------------------------------------------------------------
Update Information:
Update to 0.19.0 Release note at:
https://github.com/fedora-
infra/fedmsg_meta_fedora_infrastructure/blob/develop/CHANGELOG.rst#0190
--------------------------------------------------------------------------------
================================================================================
python-process-tests-1.0.0-9.el7 (FEDORA-EPEL-2017-20594d83ca)
Tools for testing processes
--------------------------------------------------------------------------------
Update Information:
Tools for testing processes.
--------------------------------------------------------------------------------
================================================================================
python-responses-0.5.1-6.el7 (FEDORA-EPEL-2017-b87f817f8f)
Reusable django app for collecting and visualizing network topology
--------------------------------------------------------------------------------
Update Information:
Ship python34-responses
--------------------------------------------------------------------------------
================================================================================
python-robosignatory-0.4.0-1.el7 (FEDORA-EPEL-2017-7ed5109c42)
A fedmsg consumer that automatically signs artifacts
--------------------------------------------------------------------------------
Update Information:
- One small fix to rpm signing (for efficiency):
https://pagure.io/robosignatory
/c/36e1e4b8517e96c13c7436d383b62ea83319f94c?branch=master - Simplify the way
that modules are signed:
https://pagure.io/robosignatory/pull-request/15
--------------------------------------------------------------------------------
================================================================================
python-ruamel-yaml-0.13.14-1.el7 (FEDORA-EPEL-2017-70b267ed4d)
YAML 1.2 loader/dumper package for Python
--------------------------------------------------------------------------------
Update Information:
ruamel.yaml is a YAML 1.2 loader/dumper package for Python. It is a derivative
of Kirill Simonov���s PyYAML 3.11.
--------------------------------------------------------------------------------
================================================================================
python-urllib2_kerberos-0.1.6-22.el7 (FEDORA-EPEL-2017-4ea6cbf6c9)
Kerberos over HTTP Negotiate/SPNEGO support for urllib2
--------------------------------------------------------------------------------
Update Information:
Add a build-time dependency on python2-devel and modernize spec file
--------------------------------------------------------------------------------
================================================================================
root-6.10.04-1.el7 (FEDORA-EPEL-2017-47ac46aaba)
Numerical data analysis framework
--------------------------------------------------------------------------------
Update Information:
ROOT 6.10.04
--------------------------------------------------------------------------------
================================================================================
ucarp-1.5.2-20.el7 (FEDORA-EPEL-2017-a269df2fab)
Common Address Redundancy Protocol (CARP) for Unix
--------------------------------------------------------------------------------
Update Information:
Fix unit file.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1475748 - ucarp doesn't start on boot
https://bugzilla.redhat.com/show_bug.cgi?id=1475748
--------------------------------------------------------------------------------
================================================================================
xlockmore-5.55-1.el7 (FEDORA-EPEL-2017-fedc9083c8)
Screen lock and screen saver
--------------------------------------------------------------------------------
Update Information:
updated to 5.55
--------------------------------------------------------------------------------
================================================================================
xnec2c-3.5.1-1.el7 (FEDORA-EPEL-2017-65f73a542e)
GTK based graphical wrapper for nec2c
--------------------------------------------------------------------------------
Update Information:
* Modified the NEC2 Editor code so that when a Geometry or Command editor window
is opened, activating Apply or OK will save data in the editor window to the
treeview, even if the default data is not edited. * Modified the NEC2 Editor
code so that if a treeview row is removed while the relevant editor window is
open, then activating Apply or OK will not attempt to save data to the treeview,
since this will cause an illegal memory access and will crash xnec2c. * Fixed a
bug in the Helix editor which caused incorrect calculation of the segment length
as a percentage of wavelength or of the number of segments/turn that correspond
to a given segment length as a percentage of wavelength.
--------------------------------------------------------------------------------
================================================================================
xrdp-0.9.3-1.el7 (FEDORA-EPEL-2017-7c3684520a)
Open source remote desktop protocol (RDP) server
--------------------------------------------------------------------------------
Update Information:
New features - Log user-friendly messages when certificate/privkey is
inaccessible Bugfixes - Now sesman sets mandatory LOGNAME environment variable
#725 - Now sesman ensures socket directory present #801 - Exit with failure
status if port already in use #644 - Eliminate some hard coded paths - Fix
glitches with IPv4 struct initialization #803 - Fix some keyboard layout
integration (UK, Spanish) - Fix handle OS when IPv6 disabled #714 - Fix issues
around systemd session #778 - Fix protocol error when 32 bit color and non
RemoteFX session #737 #804 - Fix sesadmin shows error when no sessions #797 -
Fix TLS spins 100% CPU #728 - Fix Xvnc backend disconnects when some data copied
to clipboard #755 - Pick up the first section if given section(domain) doesn't
match anything #750 Other changes - Change xrdp-chansrv log path to include
display number - Optimize startwm.sh for SUSE - Several cleanups and
optimizations Known issues - Windows 10 (1703) shows black blank screen in
RemoteFX mode
--------------------------------------------------------------------------------