The following Fedora EPEL 7 Security updates need testing:
Age URL
166
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3989/cross-binut...
61
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0862/nodejs-0.10...
50
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1087/dokuwiki-0-...
50
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0952/qpid-qmf-0....
33
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1421/quassel-0.1...
27
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1545/strongswan-...
22
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1596/postgis-2.0...
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5811/qt5-qtbase-...
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5703/php-pecl-ze...
11
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5832/mingw-gnutl...
2
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5973/mingw-libti...
2
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5991/mingw-libgc...
2
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5995/mingw-qt-4....
2
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5960/testdisk-7....
2
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5987/mingw-opens...
2
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5994/mingw-qt5-q...
2
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5971/mingw-curl-...
1
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6006/dpkg-1.16.1...
1
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6018/pdns-3.4.4-...
1
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6023/pdns-recurs...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6030/proftpd-1.3...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5937/wordpress-4...
The following builds have been pushed to Fedora EPEL 7 updates-testing
flxmlrpc-0.1.3-1.el7
hylafax+-5.5.6-1.el7
lnst-8-1.el7
nx-libs-3.5.0.31-1.el7
perl-Excel-Writer-XLSX-0.84-1.el7
php-horde-Horde-Imap-Client-2.28.0-1.el7
proftpd-1.3.5-5.el7
python-email_reply_parser-0.3.0-20140523git76e9481.el7
python-fedimg-0.6-1.el7
python-fedmsg-meta-fedora-infrastructure-0.5.2-1.el7
python-myghty-1.2-5.el7
python-waitress-0.8.9-5.el7
supybot-fedora-0.3.2-1.el7
wordpress-4.2.1-1.el7
x2goserver-4.0.1.19-3.el7
Details about builds:
================================================================================
flxmlrpc-0.1.3-1.el7 (FEDORA-EPEL-2015-6044)
An xmlrpc library for the NBEMS suite of programs
--------------------------------------------------------------------------------
Update Information:
Initial import (#1214467).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1214467 - Review Request: flxmlrpc - An xmlrpc library for the NBEMS suite of
programs
https://bugzilla.redhat.com/show_bug.cgi?id=1214467
--------------------------------------------------------------------------------
================================================================================
hylafax+-5.5.6-1.el7 (FEDORA-EPEL-2015-6042)
An enterprise-strength fax server
--------------------------------------------------------------------------------
Update Information:
update to 5.5.6
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 27 2015 Lee Howard <faxguy(a)howardsilvan.com> 5.5.6-1
- update to 5.5.6
--------------------------------------------------------------------------------
================================================================================
lnst-8-1.el7 (FEDORA-EPEL-2015-6048)
Common code for lnst-ctl and lnst-slave
--------------------------------------------------------------------------------
Update Information:
- Updating to stable release 8
- Fixed subpackages dependencies
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 27 2015 Jiri Pirko <jpirko(a)redhat.com> - 8-1
- Updating to stable release 8
- Fixed subpackages dependencies
--------------------------------------------------------------------------------
================================================================================
nx-libs-3.5.0.31-1.el7 (FEDORA-EPEL-2015-6043)
NX X11 protocol compression libraries
--------------------------------------------------------------------------------
Update Information:
- Install applications symlink by default so that "Published Applications" is
populated (bug #1215474)
- Update to nx-libs 3.5.0.31 (mostly OSX and other non-Fedora changes)
- Have x2goagent own /etc/x2go to ensure proper cleanup
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 27 2015 Orion Poplawski <orion(a)cora.nwra.com> - 3.5.0.31-1
- Update to 3.5.0.31
- Own /etc/x2go to ensure proper cleanup
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1215474 - X2Go "Published Applications" list is empty
https://bugzilla.redhat.com/show_bug.cgi?id=1215474
--------------------------------------------------------------------------------
================================================================================
perl-Excel-Writer-XLSX-0.84-1.el7 (FEDORA-EPEL-2015-6034)
Create a new file in the Excel 2007+ XLSX format
--------------------------------------------------------------------------------
Update Information:
Update to 0.84
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 28 2015 David Dick <ddick(a)cpan.org> - 0.84-1
- Update to 0.84
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1214711 - perl-Excel-Writer-XLSX-0.84 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1214711
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Imap-Client-2.28.0-1.el7 (FEDORA-EPEL-2015-6032)
Horde IMAP abstraction interface
--------------------------------------------------------------------------------
Update Information:
**Horde_Imap_Client 2.28.0**
* [mms] Fix parsing mailbox name from STATUS response on servers that have the UTF8
extension enabled.
* [jan] Fix searching with non-ASCII strings in AND/OR-combined searches.
* [jan] Fix issues with certain locales like Turkish.
* [mms] Pipeline ID command with other commands, if possible.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 28 2015 Remi Collet <remi(a)fedoraproject.org> - 2.28.0-1
- Update to 2.28.0
--------------------------------------------------------------------------------
================================================================================
proftpd-1.3.5-5.el7 (FEDORA-EPEL-2015-6030)
Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:
Vadim Melihow reported a critical issue with proftpd installations that use the mod_copy
module's SITE CPFR/SITE CPTO commands; mod_copy allows these commands to be used by
unauthenticated clients
Upstream report:
http://bugs.proftpd.org/show_bug.cgi?id=4169
Note that mod_copy is not loaded/enabled by default in the EPEL-7 package.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 28 2015 Paul Howarth <paul(a)city-fan.org> - 1.3.5-5
- Unauthenticated copying of files via SITE CPFR/CPTO was allowed by mod_copy
(CVE-2015-3306,
http://bugs.proftpd.org/show_bug.cgi?id=4169)
* Tue Feb 10 2015 Paul Howarth <paul(a)city-fan.org> - 1.3.5-4
- Anonymous upload directory specification needs to be slightly different if
mod_vroot is in use (#1045922)
http://sourceforge.net/p/proftp/mailman/message/31728570/
- Use %license where possible
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1212386 - CVE-2015-3306 proftpd: unauthenticated copying of files via SITE
CPFR/CPTO allowed by mod_copy
https://bugzilla.redhat.com/show_bug.cgi?id=1212386
--------------------------------------------------------------------------------
================================================================================
python-email_reply_parser-0.3.0-20140523git76e9481.el7 (FEDORA-EPEL-2015-6037)
Email reply parser library for Python 2
--------------------------------------------------------------------------------
Update Information:
New package
--------------------------------------------------------------------------------
================================================================================
python-fedimg-0.6-1.el7 (FEDORA-EPEL-2015-6046)
Automatically upload Fedora Cloud images to cloud providers
--------------------------------------------------------------------------------
Update Information:
performance increases and bug fixes
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 24 2015 David Gay <dgay(a)redhat.com> - 0.6.0-1
- new release
--------------------------------------------------------------------------------
================================================================================
python-fedmsg-meta-fedora-infrastructure-0.5.2-1.el7 (FEDORA-EPEL-2015-6033)
Metadata providers for Fedora Infrastructure's fedmsg deployment
--------------------------------------------------------------------------------
Update Information:
New FAF processor \(thanks @mbrysa!\) and a bugfix to the planet processor.
New zanata processor. Fixes to anitya processor.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 28 2015 Ralph Bean <rbean(a)redhat.com> - 0.5.2-1
- new version
* Thu Apr 23 2015 Ralph Bean <rbean(a)redhat.com> - 0.5.1-1
- new version
* Thu Apr 23 2015 Ralph Bean <rbean(a)redhat.com> - 0.5.0-1
- new version
--------------------------------------------------------------------------------
================================================================================
python-myghty-1.2-5.el7 (FEDORA-EPEL-2015-6038)
Python-based templating system derived from HTML::Mason
--------------------------------------------------------------------------------
Update Information:
Initial package for epel7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1175527 - python-myghty: Build for EPEL 7
https://bugzilla.redhat.com/show_bug.cgi?id=1175527
--------------------------------------------------------------------------------
================================================================================
python-waitress-0.8.9-5.el7 (FEDORA-EPEL-2015-6031)
Waitress WSGI server
--------------------------------------------------------------------------------
Update Information:
Initial packaging for el7.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1213981 - Please branch and build for epel7
https://bugzilla.redhat.com/show_bug.cgi?id=1213981
--------------------------------------------------------------------------------
================================================================================
supybot-fedora-0.3.2-1.el7 (FEDORA-EPEL-2015-6047)
Plugin for Supybot to interact with Fedora services
--------------------------------------------------------------------------------
Update Information:
Nag people about naked pings. Adjust karma responses in channel.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 27 2015 Ralph Bean <rbean(a)redhat.com> - 0.3.2-1
- new version
--------------------------------------------------------------------------------
================================================================================
wordpress-4.2.1-1.el7 (FEDORA-EPEL-2015-5937)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
**WordPress 4.2 “Powell” **
* Upstream announcement
https://wordpress.org/news/2015/04/powell/
**WordPress 4.2.1 Security Release**
* Upstream announcement
https://wordpress.org/news/2015/04/wordpress-4-2-1/
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 28 2015 Remi Collet <remi(a)fedoraproject.org> - 4.2.1-1
- WordPress 4.2.1 Security Release
- WordPress 4.2 “Powell”
* Fri Apr 24 2015 Remi Collet <remi(a)fedoraproject.org> - 4.1.3-1
- WordPress 4.1.3 Maintenance Release
* Thu Apr 23 2015 Remi Collet <remi(a)fedoraproject.org> - 4.1.2-1
- WordPress 4.1.2 Security Release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1214650 - wordpress: several vulnerabilities fixed in Wordpress 4.1.2
https://bugzilla.redhat.com/show_bug.cgi?id=1214650
[ 2 ] Bug #1216069 - wordpress: stored XSS via long comments
https://bugzilla.redhat.com/show_bug.cgi?id=1216069
--------------------------------------------------------------------------------
================================================================================
x2goserver-4.0.1.19-3.el7 (FEDORA-EPEL-2015-6043)
X2Go Server
--------------------------------------------------------------------------------
Update Information:
- Install applications symlink by default so that "Published Applications" is
populated (bug #1215474)
- Update to nx-libs 3.5.0.31 (mostly OSX and other non-Fedora changes)
- Have x2goagent own /etc/x2go to ensure proper cleanup
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 26 2015 Orion Poplawski <orion(a)cora.nwra.com> - 4.0.1.19-3
- Install applications symlink by default so that "Published
Applications" is populated (bug #1215474)
* Wed Mar 18 2015 Orion Poplawski <orion(a)cora.nwra.com> - 4.0.1.19-2
- Provide x2goserver-extensions for upstream compatibility
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1215474 - X2Go "Published Applications" list is empty
https://bugzilla.redhat.com/show_bug.cgi?id=1215474
--------------------------------------------------------------------------------