The following Fedora EPEL 7 Security updates need testing: Age URL 659 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 421 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 140 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-23fa04bf1c redis-3.2.3-1.el7 123 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e8f4ff76b3 chicken-4.11.0-3.el7 66 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ee3cc4d1b6 compat-guile18-1.8.8-14.el7 14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-090cbd0a83 botan-1.10.14-3.el7 11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-73b4fc1c78 chromium-55.0.2883.87-1.el7.1 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d21e337184 hdf5-1.8.12-8.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-0899019edf game-music-emu-0.6.1-1.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-911ea9b639 fedfind-3.2.3-1.el7 python-wikitcms-2.1.9-1.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-17165c490b nagios-plugins-2.1.4-2.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-403020225c tor-0.2.8.12-1.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-a189d9c701 js-jquery1-1.12.4-2.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-11ee6fcfdf js-jquery-2.2.4-1.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-61ae084204 seamonkey-2.46-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-b2e637ff5a python-wikitcms-2.1.10-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-0fa3a954b0 borgbackup-1.0.9-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-2e4783e791 php-PHPMailer-5.2.19-1.el7

The following builds have been pushed to Fedora EPEL 7 updates-testing

autowrap-0.9.2-1.20161226gitee9a4e.el7 borgbackup-1.0.9-1.el7 drupal7-ctools-1.12-1.el7 drupal7-diff-3.3-1.el7 drupal7-feeds-2.0-0.16.beta3.el7 drupal7-l10n_update-2.1-1.el7 drupal7-metatag-1.18-1.el7 globus-gssapi-gsi-12.13-1.el7 guake-0.8.8-1.el7 pagure-2.10.1-1.el7 perl-Test-mysqld-0.20-1.el7 perl-Text-Fuzzy-0.25-1.el7 perl-Time-Moment-0.41-1.el7 php-PHPMailer-5.2.19-1.el7 php-akamai-open-edgegrid-auth-0.6.2-1.el7 python-fedmsg-meta-fedora-infrastructure-0.17.8-1.el7 python-wikitcms-2.1.10-1.el7 yadifa-2.2.3-1.el7

Details about builds:

================================================================================ autowrap-0.9.2-1.20161226gitee9a4e.el7 (FEDORA-EPEL-2016-81d9c5e462) Generates Python Extension modules from [Cython] PXD files -------------------------------------------------------------------------------- Update Information:

- Update to 0.9.2 --------------------------------------------------------------------------------

================================================================================ borgbackup-1.0.9-1.el7 (FEDORA-EPEL-2016-0fa3a954b0) A deduplicating backup program with compression and authenticated encryption -------------------------------------------------------------------------------- Update Information:

upstream version 1.0.9 (BZ#1406277) -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1406277 - borgbackup 1.0.9 is available (includes security fixes) https://bugzilla.redhat.com/show_bug.cgi?id=1406277 --------------------------------------------------------------------------------

================================================================================ drupal7-ctools-1.12-1.el7 (FEDORA-EPEL-2016-31e2635b41) Primarily a set of APIs and tools to improve the developer experience -------------------------------------------------------------------------------- Update Information:

[7.x-1.12](https://www.drupal.org/project/ctools/releases/7.x-1.12) [Full release log](https://www.drupal.org/project/ctools/releases?api_version%5B%5D=103) -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1397368 - drupal7-ctools-1.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=1397368 --------------------------------------------------------------------------------

================================================================================ drupal7-diff-3.3-1.el7 (FEDORA-EPEL-2016-3e15383ce0) Show differences between content revisions -------------------------------------------------------------------------------- Update Information:

[7.x-3.3](https://www.drupal.org/project/diff/releases/7.x-3.3) -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1406369 - drupal7-diff-3.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1406369 --------------------------------------------------------------------------------

================================================================================ drupal7-feeds-2.0-0.16.beta3.el7 (FEDORA-EPEL-2016-981ea57884) Aggregates RSS/Atom/RDF feeds, imports CSV files and more -------------------------------------------------------------------------------- Update Information:

[7.x-2.0-beta3](https://www.drupal.org/project/feeds/releases/7.x-2.0-beta3) [Full release log](https://www.drupal.org/project/feeds/releases?api_version%5B%5D=103) -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1398472 - drupal7-feeds-2.0-beta3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1398472 --------------------------------------------------------------------------------

================================================================================ drupal7-l10n_update-2.1-1.el7 (FEDORA-EPEL-2016-fbde7e58ca) Provides automatic downloads and updates for translations -------------------------------------------------------------------------------- Update Information:

[7.x-2.1](https://www.drupal.org/project/l10n_update/releases/7.x-2.1) [Full release log](https://www.drupal.org/project/l10n_update/releases?api_version%5B%5D=103) -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1401189 - drupal7-l10n_update-2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1401189 --------------------------------------------------------------------------------

================================================================================ drupal7-metatag-1.18-1.el7 (FEDORA-EPEL-2016-7695ad2058) Adds support and an API to implement meta tags -------------------------------------------------------------------------------- Update Information:

[7.x-1.18](https://www.drupal.org/project/metatag/releases/7.x-1.18) [Full release log](https://www.drupal.org/project/metatag/releases?api_version%5B%5D=103) -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1400352 - drupal7-metatag-1.18 is available https://bugzilla.redhat.com/show_bug.cgi?id=1400352 --------------------------------------------------------------------------------

================================================================================ globus-gssapi-gsi-12.13-1.el7 (FEDORA-EPEL-2016-c62fc4cffd) Globus Toolkit - GSSAPI library -------------------------------------------------------------------------------- Update Information:

Test fixes. --------------------------------------------------------------------------------

================================================================================ guake-0.8.8-1.el7 (FEDORA-EPEL-2016-f082cc8c34) Drop-down terminal for GNOME -------------------------------------------------------------------------------- Update Information:

Features: - Close a tab with the middle button of the mouse Bug Fixes: - Fix error when toggle key was disabled - Update change news - Uppercase pallete name - Fix pylint errors - Convert README badge to SVG - Update Japanese translation - Update Russian translation - Updated CS translation - Update zh_CN translation Changelog at: https://github.com/Guake/guake/releases/tag/0.8.8 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1397684 - Temporarily visible on the wrong monitor https://bugzilla.redhat.com/show_bug.cgi?id=1397684 --------------------------------------------------------------------------------

================================================================================ pagure-2.10.1-1.el7 (FEDORA-EPEL-2016-cadc32892e) A git-centered forge -------------------------------------------------------------------------------- Update Information:

Update to 2.10.1 Changelog: - Update to 2.10.1 - Clean up the JS code in the settings page (Lubom��r Sedl����) - Fix the URLs in the `My Issues` and `My Pull- request` pages --------------------------------------------------------------------------------

================================================================================ perl-Test-mysqld-0.20-1.el7 (FEDORA-EPEL-2016-cf4dabaa85) Mysqld runner for tests -------------------------------------------------------------------------------- Update Information:

0.20 2016-12-20T07:30:45Z --- - fix dist name 0.18 2016-12-20T06:28:12Z --- - add impl of Test::mysqld::Multi (shogo82148) - support MySQL 5.7.6 or later (karupanerura ywatase) -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1406379 - perl-Test-mysqld-0.20 is available https://bugzilla.redhat.com/show_bug.cgi?id=1406379 --------------------------------------------------------------------------------

================================================================================ perl-Text-Fuzzy-0.25-1.el7 (FEDORA-EPEL-2016-11970d798c) Partial string matching using edit distances -------------------------------------------------------------------------------- Update Information:

0.25 2016-12-07 * Documentation changes only -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1402386 - perl-Text-Fuzzy-0.25 is available https://bugzilla.redhat.com/show_bug.cgi?id=1402386 --------------------------------------------------------------------------------

================================================================================ perl-Time-Moment-0.41-1.el7 (FEDORA-EPEL-2016-02b890f26e) Represents a date and time of day with an offset from UTC -------------------------------------------------------------------------------- Update Information:

0.41 2016-12-10 --- - Time::Moment - Documented the precision value returned by ->precision() - Documented the optional precision value in ->compare() - Time::Moment::Adjusters - Corrected the NearestMinuteInterval example - Increased and documented the accepted values for NearestMinuteInterval 0.40 2016-11-26 --- - Correct forward function declaration to include interpreter context. Bug fix for #22, compilation with threaded perls. Reported by Slaven Rezi�� (eserte). 0.39 2016-11-25 --- - Added following methods to Time::Moment: - precision - with_precision - Added following adjusters to Time::Moment::Adjusters: - WesternEasterSunday() - OthodoxEasterSunday() - NearestMinuteInterval($interval) - Added following examples to eg/ - eg/se_bank_holidays.pl -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1398627 - perl-Time-Moment-0.41 is available https://bugzilla.redhat.com/show_bug.cgi?id=1398627 --------------------------------------------------------------------------------

================================================================================ php-PHPMailer-5.2.19-1.el7 (FEDORA-EPEL-2016-2e4783e791) PHP email transport class with a lot of features -------------------------------------------------------------------------------- Update Information:

** Version 5.2.19** (December 26th 2016) * Minor cleanup ** Version 5.2.18** (December 24th 2016) * **SECURITY** Critical security update for CVE-2016-10033 please update now! Thanks to [Dawid Golunski](https://legalhackers.com). * Add ability to extract the SMTP transaction ID from some common SMTP success messages * Minor documentation tweaks ** Version 5.2.17** (December 9th 2016) * This is officially the last feature release of 5.2. Security fixes only from now on; use PHPMailer 6.0! * Allow DKIM private key to be provided as a string * Provide mechanism to allow overriding of boundary and message ID creation * Improve Brazilian Portuguese, Spanish, Swedish, Romanian, and German translations * PHP 7.1 support for Travis-CI * Fix some language codes * Add security notices * Improve DKIM compatibility in older PHP versions * Improve trapping and capture of SMTP connection errors * Improve passthrough of error levels for debug output * PHPDoc cleanup --------------------------------------------------------------------------------

================================================================================ php-akamai-open-edgegrid-auth-0.6.2-1.el7 (FEDORA-EPEL-2016-98702ab5ed) Implements the Akamai {OPEN} EdgeGrid Authentication -------------------------------------------------------------------------------- Update Information:

### 0.6.2 [24 Dec, 2016] * Add support for using environment variables for credentials * General cleanup ### 0.6.1 [17 Dec, 2016] * Fix PHP 7.1 compatibility (@remicollet) -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1405779 - php-akamai-open-edgegrid-auth-0.6.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1405779 [ 2 ] Bug #1408684 - php-akamai-open-edgegrid-auth-0.6.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1408684 --------------------------------------------------------------------------------

================================================================================ python-fedmsg-meta-fedora-infrastructure-0.17.8-1.el7 (FEDORA-EPEL-2016-828d082be6) Metadata providers for Fedora Infrastructure's fedmsg deployment -------------------------------------------------------------------------------- Update Information:

Update to 0.17.8 ------------------ Pull Requests - (@puiterwijk) #410, All kojis now use https https://github.com/fedora- infra/fedmsg_meta_fedora_infrastructure/pull/410 Commits - 682032986 All kojis now use https https://github.com/fedora- infra/fedmsg_meta_fedora_infrastructure/commit/682032986 - 96957a490 Fix distgit URLs (#411) https://github.com/fedora- infra/fedmsg_meta_fedora_infrastructure/commit/96957a490 --------------------------------------------------------------------------------

================================================================================ python-wikitcms-2.1.10-1.el7 (FEDORA-EPEL-2016-b2e637ff5a) Fedora QA wiki test management Python library -------------------------------------------------------------------------------- Update Information:

This update contains a SECURITY fix for an issue with potentially serious consequences but very limited scope. If an administrator of a wiki you talked to using python-wikitcms were malicious, they could cause arbitrary code execution as the user running wikitcms. No-one besides a wiki administrator could do this, as it requires crafting the wiki's response to an edit request to include a malicious payload. It also drops some now useless or unneeded code (due to changes in mediawiki and mwclient). --------------------------------------------------------------------------------

================================================================================ yadifa-2.2.3-1.el7 (FEDORA-EPEL-2016-8cebd55c99) Lightweight authoritative Name Server with DNSSEC capabilities -------------------------------------------------------------------------------- Update Information:

20161215: YADIFA 2.2.3 - Removed code triggering an ICE on ppc64le - Fixes an issue with the policies where the key size would not be matched - Fixes an issue with the generation of RSA keys that would be rejected by the policies - Included patches from the community about typos and gcc ICE on ppc64le. -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1392892 - yadifa-2.2.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1392892 --------------------------------------------------------------------------------