The following Fedora EPEL 7 Security updates need testing:
Age URL
274
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d
condor-8.6.11-1.el7
82
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-f8311ec8a2
tor-0.3.5.8-1.el7
50
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d2c1368294
cinnamon-3.6.7-5.el7
42
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-50a6a1ddfd
afflib-3.7.18-2.el7
16
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80
python-gnupg-0.4.4-1.el7
13
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b
bubblewrap-0.3.3-2.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-04c7455f6a
singularity-3.1.1-1.1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
cjdns-20.3-3.el7
ckeditor-4.11.4-1.el7
gnome-shell-extension-system-monitor-applet-38-2.20190515gitfc83a73.el7
inxi-3.0.34-1.el7
libmediainfo-19.04-1.el7
mediaconch-18.03.2-7.el7
mediainfo-19.04-1.el7
php-natxet-cssmin-3.0.6-1.el7
php-stecman-symfony-console-completion-0.10.1-2.el7
python3-pillow-6.0.0-2.el7
sems-1.6.0-18.el7
spectre-meltdown-checker-0.41-1.el7
Details about builds:
================================================================================
cjdns-20.3-3.el7 (FEDORA-EPEL-2019-81be0c720b)
The privacy-friendly network without borders
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream version.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 9 2019 Stuart Gathman <stuart(a)gathman.org> - 20.3-3
- Move running test suite to check
* Wed May 8 2019 Stuart Gathman <stuart(a)gathman.org> - 20.3-2
- Increase timeout for fuzz tests to allow slower arches to succeed
* Wed May 8 2019 Stuart Gathman <stuart(a)gathman.org> - 20.3-1
- New upstream version 20.3
* Fri May 3 2019 Stuart Gathman <stuart(a)gathman.org> - 20.2-7
- Option to use system libuv
- Fix scope of Pipe_PATH String_CONST in config.
* Thu Jan 31 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 20.2-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1705914 - cjdns-20.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1705914
--------------------------------------------------------------------------------
================================================================================
ckeditor-4.11.4-1.el7 (FEDORA-EPEL-2019-12a6beac1e)
WYSIWYG text editor to be used inside web pages
--------------------------------------------------------------------------------
Update Information:
## CKEditor 4.11.4 Fixed Issues: *
[#589](https://github.com/ckeditor/ckeditor-dev/issues/589): Fixed: The editor
causes memory leaks in create and destroy cycles. *
[#1397](https://github.com/ckeditor/ckeditor-dev/issues/1397): Fixed: Using the
dialog to remove headers from a [
table](https://ckeditor.com/cke4/addon/table)
with one header row only throws an error. *
[#1479](https://github.com/ckeditor/ckeditor-dev/issues/1479): Fixed:
[
Justification](https://ckeditor.com/cke4/addon/justify) for styled content in
BR mode is disabled. * [#2816](https://github.com/ckeditor/ckeditor-
dev/issues/2816): Fixed: [Enhanced
Image](https://ckeditor.com/cke4/addon/image2) resize handler is visible in
[read-only
mode](https://ckeditor.com/docs/ckeditor4/latest/guide/dev_readonly.html). *
[#2874](https://github.com/ckeditor/ckeditor-dev/issues/2874): Fixed: [Enhanced
Image](https://ckeditor.com/cke4/addon/image2) resize handler is not created
when the editor is initialized in [read-only
mode](https://ckeditor.com/docs/ckeditor4/latest/guide/dev_readonly.html). *
[#2775](https://github.com/ckeditor/ckeditor-dev/issues/2775): Fixed:
[
Clipboard](https://ckeditor.com/cke4/addon/clipboard) paste buttons have wrong
state when [read-
only](https://ckeditor.com/docs/ckeditor4/latest/guide/dev_readonly.html) mode
is set by the mouse event listener with the [Div Editing
Area](https://ckeditor.com/cke4/addon/divarea) plugin. *
[#1901](https://github.com/ckeditor/ckeditor-dev/issues/1901): Fixed: Cannot
open the context menu over a [
Widget](https://ckeditor.com/cke4/addon/widget)
with the <kbd>Shift</kbd>+<kbd>F10</kbd> keyboard shortcut. Other
Changes: *
Updated [
WebSpellChecker](https://ckeditor.com/cke4/addon/wsc) (WSC) and
[
SpellCheckAsYouType](https://ckeditor.com/cke4/addon/scayt) (SCAYT) plugins:
* Language dictionary update: German language was extended with over 600k new
words. * Language dictionary update: Swedish language was extended with
over 300k new words. * Grammar support added for Australian and New
Zealand English, Polish, Slovak, Slovenian and Austrian languages. *
Changed wavy red and green lines that underline spelling and grammar errors to
straight ones. * [#55](https://github.com/WebSpellChecker/ckeditor-
plugin-wsc/issues/55): Fixed: WSC does not use [`CKEDITOR.getUrl()`](https://cke
ditor.com/docs/ckeditor4/latest/api/CKEDITOR.html#method-getUrl) when
referencing style sheets. *
[#166](https://github.com/WebSpellChecker/ckeditor-plugin-scayt/issues/166):
Fixed: SCAYT does not use [`CKEDITOR.getUrl()`](https://ckeditor.com/docs/ckedit
or4/latest/api/CKEDITOR.html#method-getUrl) when referencing style sheets.
* [#56](https://github.com/WebSpellChecker/ckeditor-plugin-wsc/issues/56):
[Chrome] Fixed: SCAYT/WSC throws errors when running inside a Chrome extension.
* Fixed: After removing a dictionary, the words are not underlined and
considered as incorrect. * Fixed: The Slovenian (`sl_SL`) language does
not work. * Fixed: Quotes with code `U+2019` (Right single quotation
mark) are considered separators. * Fixed: Wrong error message formatting
when the service ID is invalid. * Fixed: Absent languages in the
Languages tab when using SCAYT with the [Shared
Spaces](https://ckeditor.com/cke4/addon/sharedspace) plugin. ## CKEditor 4.11.3
Fixed Issues: * [#2721](https://github.com/ckeditor/ckeditor-dev/issues/2721),
[#487](https://github.com/ckeditor/ckeditor-dev/issues/487): Fixed: The order of
sublist items is reversed when a higher level list item is removed. *
[#2527](https://github.com/ckeditor/ckeditor-dev/issues/2527): Fixed:
[
Emoji](https://ckeditor.com/cke4/addon/emoji) autocomplete order does not
prioritize emojis with the name starting from the used string. *
[#2572](https://github.com/ckeditor/ckeditor-dev/issues/2572): Fixed: Icons in
the [
Emoji](https://ckeditor.com/cke4/addon/emoji) dropdown navigation groups
are not centered. * [#1191](https://github.com/ckeditor/ckeditor-
dev/issues/1191): Fixed: Items in the [elements
path](https://ckeditor.com/cke4/addon/elementspath) are draggable. *
[#2292](https://github.com/ckeditor/ckeditor-dev/issues/2292): Fixed: Dropping a
list with a link on the editor's margin causes a console error and removes the
dragged text from editor. * [#2756](https://github.com/ckeditor/ckeditor-
dev/issues/2756): Fixed: The [Auto
Link](https://ckeditor.com/cke4/addon/autolink) plugin causes an error when
typing in the [source editing
mode](https://ckeditor.com/docs/ckeditor4/latest/guide/dev_sourcearea.html). *
[#1986](https://github.com/ckeditor/ckeditor-dev/issues/1986): Fixed: The Cell
Properties dialog from the [Table
Tools](https://ckeditor.com/cke4/addon/tabletools) plugin shows styles that are
not allowed through [`config.allowedContent`](https://ckeditor.com/docs/ckeditor
4/latest/api/CKEDITOR_config.html#cfg-allowedContent). *
[#2565](https://github.com/ckeditor/ckeditor-dev/issues/2565): [IE, Edge] Fixed:
Buttons in the [editor
toolbar](https://ckeditor.com/cke4/addon/toolbar) are
activated by clicking them with the right mouse button. *
[#2792](https://github.com/ckeditor/ckeditor-dev/pull/2792): Fixed: A bug in the
[Copy
Formatting](https://ckeditor.com/cke4/addon/copyformatting) plugin that
caused the following issues: * [#2780](https://github.com/ckeditor/ckeditor-
dev/issues/2780): Fixed: Undo steps disappear after multiple changes of
selection. * [#2470](https://github.com/ckeditor/ckeditor-dev/issues/2470):
[Firefox] Fixed: Widget's nested editable gets blurred upon focus. *
[#2655](https://github.com/ckeditor/ckeditor-dev/issues/2655): [Chrome, Safari]
Fixed: Widget's nested editable cannot be focused under certain circumstances.
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 14 2019 Shawn Iwinski <shawn(a)iwin.ski> - 4.11.4-1
- Update to 4.11.4 (RHBZ #1683205)
- Fix rpmlint "W: invalid-license MPLv1.1+" by changing "MPLv1.1+" to
"MPLv1.1"
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1683205 - ckeditor-4.11.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1683205
--------------------------------------------------------------------------------
================================================================================
gnome-shell-extension-system-monitor-applet-38-2.20190515gitfc83a73.el7
(FEDORA-EPEL-2019-6562a21760)
A Gnome shell system monitor extension
--------------------------------------------------------------------------------
Update Information:
Updated to last upstream commits
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 15 2019 Nicolas Vi��ville <nicolas.vieville(a)uphf.fr> -
1:38-2.20190515gitfc83a73
- Updated to last upstream commits
- Fix #504 (array.to string() warnings)
- Remove obsolete compatibility code
- Scale width of elements if compact display is on
- Updated translation files
- Reverted ByteArray usage breaking display of thermal and fan speed
- Fixed frequency display showing blank due to ByteArray.tostring
--------------------------------------------------------------------------------
================================================================================
inxi-3.0.34-1.el7 (FEDORA-EPEL-2019-fa566dcaaf)
A full featured system information script
--------------------------------------------------------------------------------
Update Information:
Update t0 3.0.34.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 6 2019 Vasiliy N. Glazov <vascom2(a)gmail.com> - 3.0.34-1
- Update to 3.0.34
--------------------------------------------------------------------------------
================================================================================
libmediainfo-19.04-1.el7 (FEDORA-EPEL-2019-0d44655ca3)
Library for supplies technical and tag information about a video or audio file
--------------------------------------------------------------------------------
Update Information:
Update to 19.04.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 24 2019 Vasiliy N. Glazov <vascom2(a)gmail.com> - 19.04-1
- Update to 19.04
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1701845 - CVE-2019-11372 CVE-2019-11373 mediainfo: various flaws
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1701845
--------------------------------------------------------------------------------
================================================================================
mediaconch-18.03.2-7.el7 (FEDORA-EPEL-2019-0d44655ca3)
Most relevant technical and tag data for video and audio files (CLI)
--------------------------------------------------------------------------------
Update Information:
Update to 19.04.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 24 2019 Vasiliy N. Glazov <vascom2(a)gmail.com> - 18.03.2-7
- Rebuild with new mediainfo 19.04
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 18.03.2-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1701845 - CVE-2019-11372 CVE-2019-11373 mediainfo: various flaws
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1701845
--------------------------------------------------------------------------------
================================================================================
mediainfo-19.04-1.el7 (FEDORA-EPEL-2019-0d44655ca3)
Supplies technical and tag information about a video or audio file (CLI)
--------------------------------------------------------------------------------
Update Information:
Update to 19.04.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 24 2019 Vasiliy N. Glazov <vascom2(a)gmail.com> - 19.04-1
- Update to 19.04
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 18.12-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1701845 - CVE-2019-11372 CVE-2019-11373 mediainfo: various flaws
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1701845
--------------------------------------------------------------------------------
================================================================================
php-natxet-cssmin-3.0.6-1.el7 (FEDORA-EPEL-2019-82c8034a90)
Configurable CSS parser and minifier
--------------------------------------------------------------------------------
Update Information:
### v3.0.6 Fix bracket for count() argument Merge pull request #26 from
umulmrum/master Fix bracket for count() argument ### v3.0.5 Adapt to PHP 7.2
Merge pull request #24 from jtojnar/php72 Fix compatibility with PHP 7.2
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 26 2019 Remi Collet <remi(a)remirepo.net> - 3.0.6-1
- update to 3.0.6
- add minimal test for our autoloader
* Sat Feb 2 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.4-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.4-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb 9 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.4-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.4-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.4-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1504423 - php-natxet-cssmin-3.0.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1504423
--------------------------------------------------------------------------------
================================================================================
php-stecman-symfony-console-completion-0.10.1-2.el7 (FEDORA-EPEL-2019-3330e693d4)
Automatic BASH completion for Symfony Console based applications
--------------------------------------------------------------------------------
Update Information:
### 0.10.1: Options before command name fixed Fixes options appearing before
the command name (eg. `program -v cmdname`) breaking the detection of the
command that should be completed for ([#83](https://github.com/stecman/symfony-
console-completion/issues/83)) ### 0.10.0: Multi-word / whitespace support in
completions Adds support for quoted and escaped multi-word completions. No
changes are required to upgrade from 0.9.0. BASH users will need to
regenerate/reload their shell hook for multi-word completions to work. ###
0.9.0: Isolation of CompletionCommand from user-defined global options To avoid
conflicts with application-level options defined by the library user,
`CompletionCommand` now ignores custom application options. Options from
Symfony's base `Application` class are retained. No action is needed to upgrade
to this version unless your subclass of `CompletionCommand` has been modified to
use global options defined by your application. In this case you will need to
override `CompletionCommand::filterApplicationOptions` to whitelist your
options. ### 0.8.0: Symfony 4 support Adds Symfony Console 4.x to the versions
supported. No changes are required to update to this version from `0.7.0`.
Other changes: - Commands marked as hidden (`symfony-console` >= 3.2) are
excluded from completion results
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 14 2019 Shawn Iwinski <shawn(a)iwin.ski> - 0.10.1-2
- Fix EPEL6 build
* Tue May 14 2019 Shawn Iwinski <shawn(a)iwin.ski> - 0.10.1-1
- Update to 0.10.1 (RHBZ #1562562)
- Add range version dependencies for Fedora >= 27 || RHEL >= 8
* Sat Feb 2 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.7.0-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.7.0-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb 9 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.7.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1562562 - php-stecman-symfony-console-completion-0.10.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1562562
--------------------------------------------------------------------------------
================================================================================
python3-pillow-6.0.0-2.el7 (FEDORA-EPEL-2019-2819a72a78)
Python image processing library
--------------------------------------------------------------------------------
Update Information:
Python image processing library, fork of the Python Imaging Library (PIL) This
library provides extensive file format support, an efficient internal
representation, and powerful image processing capabilities. There are four
subpackages: tk (tk interface), qt (PIL image wrapper for Qt), devel
(development) and doc (documentation).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1701767 - Please add a python36-pillow and python36-pillow-devel package
https://bugzilla.redhat.com/show_bug.cgi?id=1701767
--------------------------------------------------------------------------------
================================================================================
sems-1.6.0-18.el7 (FEDORA-EPEL-2019-60b110ba92)
SIP Express Media Server, an extensible SIP media server
--------------------------------------------------------------------------------
Update Information:
* Enable mp3 support ---- * Enabled several SBC plugins
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 15 2019 Peter Lemenkov <lemenkov(a)gmail.com> - 1.6.0-18
- Enable mp3 support
* Fri May 3 2019 Peter Lemenkov <lemenkov(a)gmail.com> - 1.6.0-17
- Added Redis support
- Added call_control modules
--------------------------------------------------------------------------------
================================================================================
spectre-meltdown-checker-0.41-1.el7 (FEDORA-EPEL-2019-8e8d35f270)
Spectre & Meltdown vulnerability/mitigation checker for Linux
--------------------------------------------------------------------------------
Update Information:
Update to 0.41 * Feature: add support for the 4 MDS CVEs (CVE-2018-12126,
CVE-2018-12130, CVE-2018-12127, CVE-2019-11091 / Fallout, RIDL, ZombieLoad) *
Feature: add Spectre and Meltdown mitigation detection for Hygon CPU
([#271](https://github.com/speed47/spectre-meltdown-checker/pull/271)) *
Feature: for SSBD, report whether the mitigation is active (in live mode)
([#210](https://github.com/speed47/spectre-meltdown-checker/issues/210)) *
Enhancement: better Xen and hypervisors detection
([#259](https://github.com/speed47/spectre-meltdown-checker/pull/259))
([#270](https://github.com/speed47/spectre-meltdown-checker/pull/270)) *
Enhancement: in paranoid mode, assume we're running a hypervisor (for L1TF)
unless stated otherwise * Enhancement: better detect Arch kernel image location
([#268](https://github.com/speed47/spectre-meltdown-checker/pull/268)) * Fix:
error when no process used prctl to set SSB mitigation * Fix: invalid names in
json batch mode ([#279](https://github.com/speed47/spectre-meltdown-
checker/issues/279)) * Fix: IBRS kernel reported active even if sysfs had
"IBRS_FW" only ([#275](https://github.com/speed47/spectre-meltdown-
checker/issues/275)) ([#276](https://github.com/speed47/spectre-meltdown-
checker/issues/276)) * Fix: load vmm under BSD if not already loaded
([#274](https://github.com/speed47/spectre-meltdown-checker/issues/274)) * Fix:
misdetection of files under Clear Linux
([#264](https://github.com/speed47/spectre-meltdown-checker/issues/264)) * Misc:
update MCEdb to v110 * Misc: dozens of other fixes and enhancements
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 15 2019 Reto Gantenbein <reto.gantenbein(a)linuxmonk.ch> - 0.41-1
- Update to 0.41
* Sun Feb 3 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.40-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------