The following Fedora EPEL 7 Security updates need testing:
Age URL
583
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d
condor-8.6.11-1.el7
325
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80
python-gnupg-0.4.4-1.el7
322
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b
bubblewrap-0.3.3-2.el7
32
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fa8a2e97c6
python-waitress-1.4.3-1.el7
15
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-4fdca9429c
seamonkey-2.53.1-2.el7
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b8f44a854a
weechat-2.7.1-1.el7
10
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b467e9784b
php-horde-Horde-Form-2.0.20-1.el7
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-7e106e25f9
timeshift-20.03-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
chromium-80.0.3987.149-1.el7
clamav-0.102.2-4.el7
nss-mdns-0.14.1-7.el7
php-behat-gherkin-4.6.2-1.el7
tor-0.3.5.10-1.el7
Details about builds:
================================================================================
chromium-80.0.3987.149-1.el7 (FEDORA-EPEL-2020-42d19f5f91)
A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:
Update to 80.0.3987.149. Upstream says it fixes "13" security issues, but only
lists these CVEs: * CVE-2020-6422: Use after free in WebGL * CVE-2020-6424: Use
after free in media * CVE-2020-6425: Insufficient policy enforcement in
extensions. * CVE-2020-6426: Inappropriate implementation in V8 *
CVE-2020-6427: Use after free in audio * CVE-2020-6428: Use after free in audio
* CVE-2020-6429: Use after free in audio. * CVE-2019-20503: Out of bounds read
in usersctplib. * CVE-2020-6449: Use after free in audio
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 18 2020 Tom Callaway <spot(a)fedoraproject.org> - 80.0.3987.149-1
- update to 80.0.3987.149
* Thu Feb 27 2020 Tom Callaway <spot(a)fedoraproject.org> - 80.0.3987.132-1
- update to 80.0.3987.132
- disable C++17 changes (this means f32+ will no longer build, but it segfaulted
immediately)
* Thu Feb 27 2020 Tom Callaway <spot(a)fedoraproject.org> - 80.0.3987.122-1
- update to 80.0.3987.122
* Mon Feb 17 2020 Tom Callaway <spot(a)fedoraproject.org> - 80.0.3987.106-1
- update to 80.0.3987.106
* Wed Feb 5 2020 Tom Callaway <spot(a)fedoraproject.org> - 80.0.3987.87-1
- update to 80.0.3987.87
* Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> -
79.0.3945.130-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
clamav-0.102.2-4.el7 (FEDORA-EPEL-2020-c9de701438)
End-user tools for the Clam Antivirus scanner
--------------------------------------------------------------------------------
Update Information:
Quiet freshclam-sleep
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 16 2020 Orion Poplawski <orion(a)cora.nwra.com> - 0.102.2-4
- Quiet freshclam-sleep when used with proxy
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1814698 - freshclam --quiet returns proxy on stdout
https://bugzilla.redhat.com/show_bug.cgi?id=1814698
--------------------------------------------------------------------------------
================================================================================
nss-mdns-0.14.1-7.el7 (FEDORA-EPEL-2020-b03097f59d)
glibc plugin for .local name resolution
--------------------------------------------------------------------------------
Update Information:
Do not remove mdns from nsswitch.conf during upgrade
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 17 2020 Pavel B��ezina <pbrezina(a)redhat.com> - 0.14.1-7
- Do not remove mdns from nsswitch.conf during upgrade
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.14.1-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1811935 - mdns breaks on F31->F32 upgrade
https://bugzilla.redhat.com/show_bug.cgi?id=1811935
--------------------------------------------------------------------------------
================================================================================
php-behat-gherkin-4.6.2-1.el7 (FEDORA-EPEL-2020-1c44b92cef)
Gherkin DSL parser for PHP
--------------------------------------------------------------------------------
Update Information:
## 4.6.2 / 2020-03-17 * Fixed issues due to incorrect cache key ## 4.6.1 /
2020-02-27 * Fix AZ translations * Correctly filter features, now that the base
path is correctly set ## 4.6.0 / 2019-01-16 * Updated translations (including
'Example' as synonym for 'Scenario' in `en`) ## 4.5.1 / 2017-08-30 *
Fix
regression in `PathsFilter` ## 4.5.0 / 2017-08-30 * Sync i18n with Cucumber
Gherkin * Drop support for HHVM tests on Travis * Add `TableNode::fromList()`
method (thanks @TravisCarden) * Add `ExampleNode::getOutlineTitle()` method
(thanks @duxet) * Use realpath, so the feature receives the cwd prefixed (thanks
@glennunipro) * Explicitly handle non-two-dimensional arrays in TableNode
(thanks @TravisCarden) * Fix to line/linefilter scenario runs which take
relative paths to files (thanks @generalconsensus)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 18 2020 Shawn Iwinski <shawn(a)iwin.ski> - 4.6.2-1
- Update to 4.6.2 (RHBZ #1808131)
* Tue Mar 17 2020 Shawn Iwinski <shawn(a)iwin.ski> - 4.6.1-2
- Conditional Symfony 2 or not
* Tue Mar 17 2020 Shawn Iwinski <shawn(a)iwin.ski> - 4.6.1-1
- Update to 4.6.1 (RHBZ #1808131)
- Conditionally use range dependencies
- Drop Symfony 2 interoperability
* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.4.5-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jul 26 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.4.5-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sat Feb 2 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.4.5-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.4.5-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb 9 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.4.5-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1808131 - php-behat-gherkin-4.6.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1808131
--------------------------------------------------------------------------------
================================================================================
tor-0.3.5.10-1.el7 (FEDORA-EPEL-2020-33500a2742)
Anonymizing overlay network for TCP
--------------------------------------------------------------------------------
Update Information:
update to latest upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 19 2019 Marcel H��rry <mh+fedora(a)scrit.ch> - 0.3.5.10-1
- update to latest upstream release
--------------------------------------------------------------------------------