The following Fedora EPEL 7 Security updates need testing:
Age URL
301
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
93
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-925e9374c9
python-pymongo-3.0.3-1.el7
64
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
27
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-f82c6fc04a
p7zip-15.09-4.el7
23
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-67166d0519
shellinabox-2.19-1.el7
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-fe8f5408df
moodle-3.0.1-1.el7
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e943f1deb9
mediawiki123-1.23.13-1.el7
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-5538691958
roundcubemail-1.1.4-2.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-864da6c179
nghttp2-1.6.0-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e21e03e52f
mono-2.10.8-9.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-3e181e41ca
openvpn-2.3.10-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
mono-2.10.8-9.el7
nghttp2-1.6.0-1.el7
nodejs-fs2-0.2.3-1.el7
ola-0.10.0-1.el7
openpgpkey-milter-0.5-1.el7
openvpn-2.3.10-1.el7
pcre2-10.20-3.el7
perl-Crypt-ScryptKDF-0.010-1.el7
perl-Schedule-Cron-Events-1.94-1.el7
perl-Set-Crontab-1.03-12.el7
perl-URI-Find-20140709-5.el7
python-vxi11-0.8-1.el7
Details about builds:
================================================================================
mono-2.10.8-9.el7 (FEDORA-EPEL-2016-e21e03e52f)
A .NET runtime environment
--------------------------------------------------------------------------------
Update Information:
apply patch for security issue CVE-2009-0689 (#1293640)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1293640 - mono: Converting specially crafted string to float causes crash and
possible code execution [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1293640
--------------------------------------------------------------------------------
================================================================================
nghttp2-1.6.0-1.el7 (FEDORA-EPEL-2016-864da6c179)
Experimental HTTP/2 client, server and proxy
--------------------------------------------------------------------------------
Update Information:
- update to nghttp2-1.6.0 (fixes CVE-2015-8659)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1295351 - CVE-2015-8659 nghttp2: heap-use-after-free flaw in idle stream
handling code
https://bugzilla.redhat.com/show_bug.cgi?id=1295351
--------------------------------------------------------------------------------
================================================================================
nodejs-fs2-0.2.3-1.el7 (FEDORA-EPEL-2016-47eee51d4e)
Node.js fs (file system package) extensions
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1293058 - Review Request: nodejs-fs2 - Node.js fs (file system package)
extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1293058
--------------------------------------------------------------------------------
================================================================================
ola-0.10.0-1.el7 (FEDORA-EPEL-2016-74e1ba2a21)
Open Lighting Architecture
--------------------------------------------------------------------------------
Update Information:
This is a version upgrade from 0.9.8 to 0.10.0. For the full changelog look
[
here](https://github.com/OpenLightingProject/ola/releases/tag/0.10.0) ----
This is a new package. The Open Lighting Architecture is a framework for
lighting control information. It supports a range of protocols and over a dozen
USB devices. It can run as a standalone service, which is useful for converting
signals between protocols, or alternatively using the OLA API, it can be used as
the back-end for lighting control software. OLA runs on many different platforms
including ARM, which makes it a perfect fit for low cost Ethernet to DMX
gateways.
--------------------------------------------------------------------------------
================================================================================
openpgpkey-milter-0.5-1.el7 (FEDORA-EPEL-2016-408bd25334)
OPENPGPKEY basd automatic encryption of emails using the milter API
--------------------------------------------------------------------------------
Update Information:
Updated to 0.5 which implements draft 06, uses lowercased LHS
--------------------------------------------------------------------------------
================================================================================
openvpn-2.3.10-1.el7 (FEDORA-EPEL-2016-3e181e41ca)
A full-featured SSL VPN solution
--------------------------------------------------------------------------------
Update Information:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23
--------------------------------------------------------------------------------
================================================================================
pcre2-10.20-3.el7 (FEDORA-EPEL-2016-621ab27d5b)
Perl-compatible regular expression library
--------------------------------------------------------------------------------
Update Information:
This new package provides next-generation reimplmenation of Perl-Compatible
Regular Expression library.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1194781 - Review Request: pcre2 - Perl-compatible regular expression library
https://bugzilla.redhat.com/show_bug.cgi?id=1194781
--------------------------------------------------------------------------------
================================================================================
perl-Crypt-ScryptKDF-0.010-1.el7 (FEDORA-EPEL-2016-cd16fcb0e1)
Scrypt password based key derivation function
--------------------------------------------------------------------------------
Update Information:
Update to 0.010 version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1287337 - perl-Crypt-ScryptKDF-0.010 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1287337
--------------------------------------------------------------------------------
================================================================================
perl-Schedule-Cron-Events-1.94-1.el7 (FEDORA-EPEL-2016-155fe74f51)
Take a line from a crontab and find out when events will occur
--------------------------------------------------------------------------------
Update Information:
Given a line from a crontab, tells you the time at which cron will next run the
line, or when the last event occurred, relative to any date you choose. The
object keeps that reference date internally, and updates it when you call
nextEvent() or previousEvent() - such that successive calls will give you a
sequence of events going forward, or backwards, in time.
--------------------------------------------------------------------------------
================================================================================
perl-Set-Crontab-1.03-12.el7 (FEDORA-EPEL-2016-0ac72ce5f3)
Expand crontab(5)-style integer lists
--------------------------------------------------------------------------------
Update Information:
Set::Crontab parses crontab-style lists of integers and defines some utility
functions to make it easier to deal with them.
--------------------------------------------------------------------------------
================================================================================
perl-URI-Find-20140709-5.el7 (FEDORA-EPEL-2016-6e026f6e91)
Find URIs in plain text
--------------------------------------------------------------------------------
Update Information:
This module does one thing: Finds URIs and URLs in plain text. It finds them
quickly and it finds them *all* (or what URI::URL considers a URI to be.) It
only finds URIs which include a scheme (http:// or the like), for something a
bit less strict have a look at URI::Find::Schemeless. For a command-line
interface, see Darren Chamberlain's 'urifind' script. It's available from
his
CPAN directory:
http://www.cpan.org/authors/id/D/DA/DARREN/
--------------------------------------------------------------------------------
================================================================================
python-vxi11-0.8-1.el7 (FEDORA-EPEL-2016-5c59b40903)
Python implementation of the VXI-11 protocol
--------------------------------------------------------------------------------
Update Information:
- New Python package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1294277 - Review Request: python-vxi11 - Python implementation of the VXI-11
protocol
https://bugzilla.redhat.com/show_bug.cgi?id=1294277
--------------------------------------------------------------------------------