The following Fedora EPEL 7 Security updates need testing:
Age URL
79
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3989/cross-binut...
15
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0290/python-djan...
14
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0318/php-ZendFra...
6
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0399/polarssl-1....
4
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0465/mingw-jaspe...
4
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0437/qpid-cpp-0....
1
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0548/php-extras-...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0564/pigz-2.3.3-...
The following builds have been pushed to Fedora EPEL 7 updates-testing
freeradius-client-1.1.7-3.el7
glite-px-proxyrenewal-1.3.36-2.el7
nodejs-read-all-stream-1.0.2-1.el7
perl-Time-Period-1.23-1.el7
php-aws-sdk-2.7.17-1.el7
pigz-2.3.3-1.el7
tcpcrypt-0.4-0.3.bb990b1b.el7
Details about builds:
================================================================================
freeradius-client-1.1.7-3.el7 (FEDORA-EPEL-2015-0565)
RADIUS protocol client library
--------------------------------------------------------------------------------
Update Information:
Line wrapped description message
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1171129 - Review Request: freeradius-client - Client library and utilities
for radius
https://bugzilla.redhat.com/show_bug.cgi?id=1171129
--------------------------------------------------------------------------------
================================================================================
glite-px-proxyrenewal-1.3.36-2.el7 (FEDORA-EPEL-2015-0563)
gLite proxyrenewal renews existing proxy certificates for grid users
--------------------------------------------------------------------------------
Update Information:
New version released. Fixed build from source and manual page update.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 29 2015 František Dvořák <valtri(a)civ.zcu.cz> - 1.3.36-2
- Patch to fix build with recent build tools
* Mon Oct 27 2014 František Dvořák <valtri(a)civ.zcu.cz> - 1.3.36-1
- Release glite-px-proxyrenewal 1.3.36
- Patches merged upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1187485 - FTBFS in epel7 possibly because of updated build dependencies
https://bugzilla.redhat.com/show_bug.cgi?id=1187485
--------------------------------------------------------------------------------
================================================================================
nodejs-read-all-stream-1.0.2-1.el7 (FEDORA-EPEL-2015-0569)
Read all stream content and pass it to callback
--------------------------------------------------------------------------------
Update Information:
Update to 1.0.2 release
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 29 2015 Parag Nemade <pnemade AT redhat DOT com> - 1.0.2-1
- Update to 1.0.2 release
* Sat Jan 24 2015 Parag Nemade <pnemade AT redhat DOT com> - 1.0.1-1
- Update to 1.0.1 release
--------------------------------------------------------------------------------
================================================================================
perl-Time-Period-1.23-1.el7 (FEDORA-EPEL-2015-0562)
A Perl module to deal with time periods
--------------------------------------------------------------------------------
Update Information:
Period.pm is a Perl module that contains code to deal with time periods.
--------------------------------------------------------------------------------
================================================================================
php-aws-sdk-2.7.17-1.el7 (FEDORA-EPEL-2015-0568)
Amazon Web Services framework for PHP
--------------------------------------------------------------------------------
Update Information:
## 2.7.17 - 2015-01-27
* Added support for `getShippingLabel` to the AWS Import/Export client.
* Updated the AWS Lambda client.
## 2.7.16 - 2015-01-20
* Added support for custom security groups to the Amazon EMR client.
* Added support for the latest APIs to the Amazon Cognito Identity client.
* Added support for ClassicLink to the Auto Scaling client.
* Added the ability to set a client's API version to "latest" for forwards
compatibility with v3.
## 2.7.15 - 2015-01-15
* Added support for [HLS Content
Protection](https://aws.amazon.com/releasenotes/3388917394239147) to the Elastic
Transcoder client.
* Updated client factory logic to add the `SignatureListener`, even when `NullCredentials`
have been specified. This way, you can update a client's credentials later if you want
to begin signing requests.
## 2.7.14 - 2015-01-09
* Fixed a regression in the CloudSearch Domain client (#448).
## 2.7.13 - 2015-01-08
* Added the Amazon EC2 Container Service client.
* Added the Amazon CloudHSM client.
* Added support for dynamic fields to the Amazon CloudSearch client.
* Added support for the ClassicLink feature to the Amazon EC2 client.
* Updated the Amazon RDS client to use the latest 2014-10-31 API.
* Updated S3 signature so retries use a new Date header on each attempt.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 29 2015 Shawn Iwinski <shawn.iwinski(a)gmail.com> - 2.7.17-1
- Updated to 2.7.17 (BZ #1180500)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1180500 - php-aws-sdk-2.7.17 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1180500
--------------------------------------------------------------------------------
================================================================================
pigz-2.3.3-1.el7 (FEDORA-EPEL-2015-0564)
Parallel implementation of gzip
--------------------------------------------------------------------------------
Update Information:
Update to 2.3.3, fixes CVE-2015-1191:
- Return zero exit code when only warnings are issued
- Increase speed of unlzw (Unix compress decompression)
- Update zopfli to current google state
- Allow larger maximum blocksize (-b), now 512 MiB
- Do not require that -d precede -N, -n, -T options
- Strip any path from header name for -dN or -dNT
- Remove use of PATH_MAX (PATH_MAX is not reliable)
- Do not abort on inflate data error, do remaining files
- Check gzip header CRC if present
- Improve decompression error detection and reporting
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 30 2015 Orion Poplawski <orion(a)cora.nwra.com> - 2.3.3-1
- Update to 2.3.3, fixes CVE-2015-1191 (bug #1181045)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.3.1-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.3.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1181045 - CVE-2015-1191 pigz: directory traversal vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1181045
--------------------------------------------------------------------------------
================================================================================
tcpcrypt-0.4-0.3.bb990b1b.el7 (FEDORA-EPEL-2015-0571)
Opportunistically encrypt TCP connections
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1122777 - Review Request: tcpcrypt - Opportunistically encrypt TCP
connections
https://bugzilla.redhat.com/show_bug.cgi?id=1122777
--------------------------------------------------------------------------------