The following Fedora EPEL 7 Security updates need testing:
Age URL
467
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d
condor-8.6.11-1.el7
209
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80
python-gnupg-0.4.4-1.el7
206
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b
bubblewrap-0.3.3-2.el7
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-5fecd4c331
libmodbus-3.0.8-1.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d8f3c6a443
chromium-78.0.3904.97-1.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-58be818bb4
thunderbird-enigmail-2.1.3-1.el7
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-8a7207a341
libidn2-2.3.0-1.el7
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-aff200699c
mingw-libidn2-2.3.0-1.el7
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-b1761c2898
imapfilter-2.6.15-1.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-1a5ac407f8
jhead-3.04-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
clamav-0.101.5-1.el7
gammu-1.41.0-1.el7
opentrep-0.07.4-1.el7
pspg-2.6.0-1.el7
Details about builds:
================================================================================
clamav-0.101.5-1.el7 (FEDORA-EPEL-2019-d6b0a398c2)
End-user tools for the Clam Antivirus scanner
--------------------------------------------------------------------------------
Update Information:
- Drop clamd(a)scan.service file (bz#1725810) ClamAV 0.101.5 is a security patch
release that addresses the following issues. - CVE-2019-15961:
A Denial-of-Service (DoS) vulnerability may occur when scanning a specially
crafted email file as a result of excessively long scan times. The issue is
resolved by implementing several maximums in parsing MIME messages and by
optimizing use of memory allocation. - Added the zip scanning improvements
found in v0.102.0 where it scans files using zip records from a sorted catalogue
which provides deduplication of file records resulting in faster extraction and
scan time and reducing the likelihood of alerting on non-malicious duplicate
file entries as overlapping files. - Signature load time is significantly
reduced by changing to a more efficient algorithm for loading signature patterns
and allocating the AC trie. Patch courtesy of Alberto Wu. - Introduced a new
configure option to statically link libjson-c with libclamav. Static linking
with libjson is highly recommended to prevent crashes in applications that use
libclamav alongside another JSON parsing library. - Null-dereference fix in
email parser when using the --gen-json metadata option. ---- Add
TimeoutStartSec=420 to clamd@.service to match upstream
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 23 2019 Orion Poplawski <orion(a)nwra.com> - 0.101.5-1
- Update to 0.101.5 (CVE-2019-15961) (bz#1775550)
* Mon Nov 18 2019 Orion Poplawski <orion(a)nwra.com> - 0.101.4-3
- Drop clamd(a)scan.service file (bz#1725810)
- Change /var/run to /run
* Mon Nov 18 2019 Orion Poplawski <orion(a)nwra.com> - 0.101.4-2
- Add TimeoutStartSec=420 to clamd@.service to match upstream (bz#1764835)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1631525 - clamav: clamscan --get-json does not output JSON
https://bugzilla.redhat.com/show_bug.cgi?id=1631525
[ 2 ] Bug #1775550 - Request to build clamav 0.101.5 for EPEL 7
https://bugzilla.redhat.com/show_bug.cgi?id=1775550
[ 3 ] Bug #1725810 - /usr/lib/systemd/system/clamd@scan.service:1: .include directives
are deprecated
https://bugzilla.redhat.com/show_bug.cgi?id=1725810
[ 4 ] Bug #1764835 - clamd at 100% CPU and SystemD keeps restarting clamd
https://bugzilla.redhat.com/show_bug.cgi?id=1764835
--------------------------------------------------------------------------------
================================================================================
gammu-1.41.0-1.el7 (FEDORA-EPEL-2019-5c1d075f96)
Command Line utility to work with mobile phones
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 27 2019 Fedora Release Monitoring <release-monitoring(a)fedoraproject.org> -
1.41.0-1
- Update to 1.41.0 (#1756318)
* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.40.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Jun 14 2019 S��rgio Basto <sergio(a)serjux.com> - 1.40.0-1
- Update to 1.40.0 (#1670142)
* Thu Jan 31 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.39.0-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.39.0-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Jun 21 2018 S��rgio Basto <sergio(a)serjux.com> - 1.39.0-3
- Remove old udev rule nokiadku2 because use the unknown group pludev (#1592452)
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.39.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1756318 - gammu-1.41.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1756318
--------------------------------------------------------------------------------
================================================================================
opentrep-0.07.4-1.el7 (FEDORA-EPEL-2019-8252c50d83)
C++ library providing a clean API for parsing travel-focused requests
--------------------------------------------------------------------------------
Update Information:
Upgrade to upstream 0.07.4
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 24 2019 Denis Arnaud <denis.arnaud_fedora(a)m4x.org> - 0.07.4-1
- Upstream update to 0.07.4
--------------------------------------------------------------------------------
================================================================================
pspg-2.6.0-1.el7 (FEDORA-EPEL-2019-1b5eb60c44)
A unix pager optimized for psql
--------------------------------------------------------------------------------
Update Information:
new upstream release, per release notes:
https://github.com/okbob/pspg/releases/tag/2.6.0 ---- new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 24 2019 Pavel Raiskup <praiskup(a)redhat.com> - 2.6.0-1
- new upstream release, per release notes:
https://github.com/okbob/pspg/releases/tag/2.6.0
* Tue Nov 19 2019 Pavel Raiskup <praiskup(a)redhat.com> - 2.5.5-1
- new upstream release, per release notes:
https://github.com/okbob/pspg/releases/tag/2.5.3
https://github.com/okbob/pspg/releases/tag/2.5.4
https://github.com/okbob/pspg/releases/tag/2.5.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1775977 - pspg-2.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1775977
[ 2 ] Bug #1768349 - pspg-2.5.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1768349
--------------------------------------------------------------------------------