The following Fedora EPEL 7 Security updates need testing:
Age URL
25
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-2c81054303
remctl-3.14-1.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-cae67a6aed
knot-resolver-2.3.0-1.el7
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-e4a3d0e9ef
drupal7-7.59-1.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-996cb2153b
quassel-0.12.5-1.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-5ae7f0e7c7
python-pygit2-0.26.4-1.el7 libgit2-0.26.3-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
auter-0.11-5.el7
boinc-client-7.10.2-1.el7
certbot-0.24.0-1.el7
freshmaker-0.1.0-1.el7
python-acme-0.24.0-1.el7
python-certbot-apache-0.24.0-2.el7
python-certbot-dns-cloudflare-0.24.0-1.el7
python-certbot-dns-cloudxns-0.24.0-1.el7
python-certbot-dns-digitalocean-0.24.0-1.el7
python-certbot-dns-dnsimple-0.24.0-1.el7
python-certbot-dns-dnsmadeeasy-0.24.0-1.el7
python-certbot-dns-google-0.24.0-1.el7
python-certbot-dns-luadns-0.24.0-1.el7
python-certbot-dns-nsone-0.24.0-1.el7
python-certbot-dns-rfc2136-0.24.0-1.el7
python-certbot-dns-route53-0.24.0-1.el7
python-certbot-nginx-0.24.0-1.el7
roundcubemail-1.1.12-2.el7
xrootd-4.8.3-1.el7
znc-1.7.0-1.el7
Details about builds:
================================================================================
auter-0.11-5.el7 (FEDORA-EPEL-2018-f291298b3e)
Prepare and apply updates
--------------------------------------------------------------------------------
Update Information:
Hotfix for the AUTOREBOOT issue
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
boinc-client-7.10.2-1.el7 (FEDORA-EPEL-2018-6dea3098fa)
The BOINC client
--------------------------------------------------------------------------------
Update Information:
New upstream version.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 2 2018 Laurence Field <laurence.field(a)cern.ch> - 7.10.2-1
- New BONC client version 7.10.2
* Wed Apr 25 2018 Laurence Field <laurence.field(a)cern.ch> - 7.10.1-1
- New BONC client version 7.10.1
* Fri Mar 9 2018 Laurence Field <laurence.field(a)cern.ch> - 7.9.3-1
- New BONC client version 7.9.3
* Fri Feb 23 2018 Germano Massullo <germano.massullo(a)gmail.com> - 7.9.2-3
- added macros to use mariadb-connector-c instead of mysql-* only for Fedora > 26
* Mon Feb 19 2018 Germano Massullo <germano.massullo(a)gmail.com> - 7.9.2-2
- Use mariadb-connector-c instead of mysql-libs or mariadb-libs. See bugreport #1494241
* Mon Feb 19 2018 Laurence Field <laurence.field(a)cern.ch> - 7.9.2-1
- New BONC client version 7.9.2
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.8.4-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Fri Feb 2 2018 Germano Massullo <germano.massullo(a)gmail.com> - 7.8.4-4
- systemd unit file: changed from Type=forking to Type=simple and removed --daemon
--start_delay 1 from ExecStart
* Mon Jan 15 2018 Germano Massullo <germano.massullo(a)gmail.com> - 7.8.4-3
- Removed obsolete %defattr(-,root,root)
* Sun Jan 7 2018 Igor Gnatenko <ignatenkobrain(a)fedoraproject.org> - 7.8.4-2
- Remove obsolete scriptlets
--------------------------------------------------------------------------------
================================================================================
certbot-0.24.0-1.el7 (FEDORA-EPEL-2018-035c58a78e)
A free, automated certificate authority client
--------------------------------------------------------------------------------
Update Information:
Update to 0.24.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 2 2018 Eli Young <elyscape(a)gmail.com> - 0.24.0-1
- Update to 0.24.0 (#1574140)
- Remove unnecessary patches
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1574140 - certbot-0.24.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1574140
--------------------------------------------------------------------------------
================================================================================
freshmaker-0.1.0-1.el7 (FEDORA-EPEL-2018-f412f44514)
Freshmaker is a service scheduling rebuilds of artifacts as new content becomes
available.
--------------------------------------------------------------------------------
Update Information:
update to new version 0.1.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 2 2018 Jan Kaluza <jkaluza(a)redhat.com> - 0.1.0-1
- new version 0.1.0
--------------------------------------------------------------------------------
================================================================================
python-acme-0.24.0-1.el7 (FEDORA-EPEL-2018-a2a9241c02)
Python library for the ACME protocol
--------------------------------------------------------------------------------
Update Information:
Update to 0.24.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 2 2018 Eli Young <elyscape(a)gmail.com> - 0.24.0-1
- Update to 0.24.0 (#1574138)
- Remove unnecessary build dependencies and patches
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1574138 - python-acme-0.24.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1574138
--------------------------------------------------------------------------------
================================================================================
python-certbot-apache-0.24.0-2.el7 (FEDORA-EPEL-2018-d8245c3e72)
The apache plugin for certbot
--------------------------------------------------------------------------------
Update Information:
Update to 0.24.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 2 2018 Eli Young <elyscape(a)gmail.com> - 0.24.0-2
- Remove unnecessary patch
* Wed May 2 2018 Eli Young <elyscape(a)gmail.com> - 0.24.0-1
- Update to 0.24.0 (#1574151)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1574151 - python-certbot-apache-0.24.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1574151
--------------------------------------------------------------------------------
================================================================================
python-certbot-dns-cloudflare-0.24.0-1.el7 (FEDORA-EPEL-2018-fed5fc6e86)
Cloudflare DNS Authenticator plugin for Certbot
--------------------------------------------------------------------------------
Update Information:
Update to 0.24.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 2 2018 Eli Young <elyscape(a)gmail.com> - 0.24.0-1
- Update to 0.24.0 (#1574139)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1574139 - python-certbot-dns-cloudflare-0.24.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1574139
--------------------------------------------------------------------------------
================================================================================
python-certbot-dns-cloudxns-0.24.0-1.el7 (FEDORA-EPEL-2018-266946fa47)
CloudXNS DNS Authenticator plugin for Certbot
--------------------------------------------------------------------------------
Update Information:
Update to 0.24.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 2 2018 Eli Young <elyscape(a)gmail.com> - 0.24.0-1
- Update to 0.24.0 (#1574142)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1574142 - python-certbot-dns-cloudxns-0.24.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1574142
--------------------------------------------------------------------------------
================================================================================
python-certbot-dns-digitalocean-0.24.0-1.el7 (FEDORA-EPEL-2018-4ba2368492)
DigitalOcean DNS Authenticator plugin for Certbot
--------------------------------------------------------------------------------
Update Information:
Update to 0.24.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 2 2018 Eli Young <elyscape(a)gmail.com> - 0.24.0-1
- Update to 0.24.0 (#1574141)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1574141 - python-certbot-dns-digitalocean-0.24.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1574141
--------------------------------------------------------------------------------
================================================================================
python-certbot-dns-dnsimple-0.24.0-1.el7 (FEDORA-EPEL-2018-384a4c08a0)
DNSimple DNS Authenticator plugin for Certbot
--------------------------------------------------------------------------------
Update Information:
Update to 0.24.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 2 2018 Eli Young <elyscape(a)gmail.com> - 0.24.0-1
- Update to 0.24.0 (#1574145)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1574145 - python-certbot-dns-dnsimple-0.24.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1574145
--------------------------------------------------------------------------------
================================================================================
python-certbot-dns-dnsmadeeasy-0.24.0-1.el7 (FEDORA-EPEL-2018-ce065518a9)
DNS Made Easy DNS Authenticator plugin for Certbot
--------------------------------------------------------------------------------
Update Information:
Update to 0.24.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 2 2018 Eli Young <elyscape(a)gmail.com> - 0.24.0-1
- Update to 0.24.0 (#1574144)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1574144 - python-certbot-dns-dnsmadeeasy-0.24.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1574144
--------------------------------------------------------------------------------
================================================================================
python-certbot-dns-google-0.24.0-1.el7 (FEDORA-EPEL-2018-ec7720f479)
Google Cloud DNS Authenticator plugin for Certbot
--------------------------------------------------------------------------------
Update Information:
Update to 0.24.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 2 2018 Eli Young <elyscape(a)gmail.com> - 0.24.0-1
- Update to 0.24.0 (#1574143)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1574143 - python-certbot-dns-google-0.24.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1574143
--------------------------------------------------------------------------------
================================================================================
python-certbot-dns-luadns-0.24.0-1.el7 (FEDORA-EPEL-2018-4be20800c3)
LuaDNS Authenticator plugin for Certbot
--------------------------------------------------------------------------------
Update Information:
Update to 0.24.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 2 2018 Eli Young <elyscape(a)gmail.com> - 0.24.0-1
- Update to 0.24.0 (#1574148)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1574148 - python-certbot-dns-luadns-0.24.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1574148
--------------------------------------------------------------------------------
================================================================================
python-certbot-dns-nsone-0.24.0-1.el7 (FEDORA-EPEL-2018-726d3ed745)
NS1 DNS Authenticator plugin for Certbot
--------------------------------------------------------------------------------
Update Information:
Update to 0.24.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 2 2018 Eli Young <elyscape(a)gmail.com> - 0.24.0-1
- Update to 0.24.0 (#1574147)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1574147 - python-certbot-dns-nsone-0.24.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1574147
--------------------------------------------------------------------------------
================================================================================
python-certbot-dns-rfc2136-0.24.0-1.el7 (FEDORA-EPEL-2018-abfc3e464a)
RFC 2136 DNS Authenticator plugin for Certbot
--------------------------------------------------------------------------------
Update Information:
Update to 0.24.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 2 2018 Eli Young <elyscape(a)gmail.com> - 0.24.0-1
- Update to 0.24.0 (#1574146)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1574146 - python-certbot-dns-rfc2136-0.24.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1574146
--------------------------------------------------------------------------------
================================================================================
python-certbot-dns-route53-0.24.0-1.el7 (FEDORA-EPEL-2018-20c35824fc)
Route53 DNS Authenticator plugin for Certbot
--------------------------------------------------------------------------------
Update Information:
Update to 0.24.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 2 2018 Eli Young <elyscape(a)gmail.com> - 0.24.0-1
- Update to 0.24.0 (#1574149)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1574149 - python-certbot-dns-route53-0.24.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1574149
--------------------------------------------------------------------------------
================================================================================
python-certbot-nginx-0.24.0-1.el7 (FEDORA-EPEL-2018-e75bb9df21)
The nginx plugin for certbot
--------------------------------------------------------------------------------
Update Information:
Update to 0.24.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 2 2018 Eli Young <elyscape(a)gmail.com> - 0.24.0-1
- Update to 0.24.0 (#1574150)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1574150 - python-certbot-nginx-0.24.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1574150
--------------------------------------------------------------------------------
================================================================================
roundcubemail-1.1.12-2.el7 (FEDORA-EPEL-2018-ce811a54c9)
Round Cube Webmail is a browser-based multilingual IMAP client
--------------------------------------------------------------------------------
Update Information:
**Version 1.1.12** This is a follow-up to the recent security update for the
stable version 1.1. It fixes a regression that sneaked in with the IMAP command
injection protection which unintentionally disabled actions that operate on all
selected messages (e.g. mark all as junk). We recommend to update all
productive installations of Roundcube 1.1.11. Please do backup your data before
updating! CHANGELOG * Fix regression where IMAP commands with '*' uidset
argument wasn't working ---- **Version 1.1.11** This is a security update to
the stable version 1.1. It fixes a recently reported vulnerability allowing IMAP
command injection via a GET parameters. More details about this are published
under CVE-2018-9846. The second fix is about a missed remote content blocking
on HTML messages with specially crafted image and style tags. We strongly
recommend to update all productive installations of Roundcube 1.1.x. Please do
backup your data before updating! CHANGELOG * Don't ignore (global)
userlogins/sendmail logs in per_user_logging mode * Fix security issue in
remote content blocking on HTML image and style tags (#6178) * Fix
check_request() bypass in places using get_uids() [CVE-2018-9846] (#6238) *
Fix possible IMAP command injection vulnerability [CVE-2018-9846] (#6229)
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 3 2018 Remi Collet <remi(a)remirepo.net> - 1.1.12.2
- rename README.rpm -> README-rpm.txt, fix #1449517
* Wed May 2 2018 Remi Collet <remi(a)remirepo.net> - 1.1.12.1
- update to 1.1.12
* Thu Apr 19 2018 Remi Collet <remi(a)remirepo.net> - 1.1.11.1
- update to 1.1.11
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1566744 - CVE-2018-9846 roundcubemail: MX injection in archive.php
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1566744
[ 2 ] Bug #1449517 - README.rpm is bad name for readme file
https://bugzilla.redhat.com/show_bug.cgi?id=1449517
--------------------------------------------------------------------------------
================================================================================
xrootd-4.8.3-1.el7 (FEDORA-EPEL-2018-484cbdbb17)
Extended ROOT file server
--------------------------------------------------------------------------------
Update Information:
## Release Notes ### Version 4.8.3 #### Major bug fixes * **[XrdCl]** Release
SIDs on PostMaster::Send() failure.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 3 2018 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 1:4.8.3-1
- Update to version 4.8.3
- Drop patch xrootd-fix-compiling-errors.patch (accepted upstream)
--------------------------------------------------------------------------------
================================================================================
znc-1.7.0-1.el7 (FEDORA-EPEL-2018-954bacc71d)
An advanced IRC bouncer
--------------------------------------------------------------------------------
Update Information:
Update to 1.7.0
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 2 2018 Nick Bebout <nb(a)usi.edu> - 1.7.0-1
- Update to 1.7.0
* Mon Apr 30 2018 Pete Walter <pwalter(a)fedoraproject.org> - 1.6.6-2
- Rebuild for ICU 61.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1574119 - znc-1.7.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1574119
--------------------------------------------------------------------------------