The following Fedora EPEL 7 Security updates need testing:
Age URL
610
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d
condor-8.6.11-1.el7
351
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80
python-gnupg-0.4.4-1.el7
349
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b
bubblewrap-0.3.3-2.el7
58
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fa8a2e97c6
python-waitress-1.4.3-1.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b23fa957bb
drupal7-ckeditor-1.19-1.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-16bf726581
php-robrichards-xmlseclibs1-1.4.3-1.el7
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-181270fbae
chromium-80.0.3987.163-1.el7
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-34295ace88
cacti-1.2.11-1.el7 cacti-spine-1.2.11-1.el7
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b6453e2708
nrpe-4.0.2-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
NetworkManager-fortisslvpn-1.2.8-7.el7
epel-rpm-macros-7-24
libasr-1.0.4-2.el7
netdata-1.21.1-1.el7
openhantek-3.0.4b-1.el7
opensmtpd-6.6.4p1-3.el7
python-betamax-0.7.1-2.el7
python-pyrfc3339-1.1-3.el7
python-regex-2020.4.4-1.el7
qpid-dispatch-1.11.0-1.el7
youtube-dl-2020.03.24-1.el7
Details about builds:
================================================================================
NetworkManager-fortisslvpn-1.2.8-7.el7 (FEDORA-EPEL-2020-b243b0dcb6)
NetworkManager VPN plugin for Fortinet compatible SSLVPN
--------------------------------------------------------------------------------
Update Information:
Update DNS peer handling with new patch.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 15 2020 Simone Caronni <negativo17(a)gmail.com> - 1.2.8-7
- Update DNS handling patch.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1820906 - NetworkManager-fortisslvpn overwrites /etc/resolv.conf
https://bugzilla.redhat.com/show_bug.cgi?id=1820906
--------------------------------------------------------------------------------
================================================================================
epel-rpm-macros-7-24 (FEDORA-EPEL-2020-3c0bec7842)
Extra Packages for Enterprise Linux RPM macros
--------------------------------------------------------------------------------
Update Information:
Add the `%pycached` macro as [described in Fedora's Python packaging
guidelines](https://docs.fedoraproject.org/en-US/packaging-
guidelines/Python/#_byte_compiling).
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 28 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 7-24
- Add the %pycached macro
--------------------------------------------------------------------------------
================================================================================
libasr-1.0.4-2.el7 (FEDORA-EPEL-2020-ede50a3d8b)
Free, simple and portable asynchronous resolver library
--------------------------------------------------------------------------------
Update Information:
Release 6.6.4p1 (2020-02-24) - An out of bounds read in smtpd allows an
attacker to inject arbitrary commands into the envelope file which are then
executed as root. Separately, missing privilege revocation in smtpctl allows
arbitrary commands to be run with the _smtpq group. Release 6.6.3p1
(2020-02-10) - Following the 6.6.2p1 release, various improvements were done in
OpenBSD -current to mitigate the risk of similar bugs.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 10 2020 Denis Fateyev <denis(a)fateyev.com> - 1.0.4-2
- Rebuilt for epel7 compatibility
* Thu Jan 30 2020 Denis Fateyev <denis(a)fateyev.com> - 1.0.4-1
- Update to 1.0.4 release
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.2-12
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Aug 28 2019 Denis Fateyev <denis(a)fateyev.com> - 1.0.2-11
- Spec cleanup from deprecated items
* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.2-10
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.2-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.2-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.2-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug 3 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.2-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.2-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.2-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Thu Feb 4 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.2-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.0.2-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1765905 - libasr-1.0.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1765905
[ 2 ] Bug #1797597 - CVE-2020-7247 opensmtpd: arbitrary commands execution in
smtp_mailaddr in smtp_session.c via crafted SMTP session [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1797597
[ 3 ] Bug #1801477 - opensmtpd-6.6.4p1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1801477
[ 4 ] Bug #1806874 - CVE-2020-8793 opensmtpd: Reading of arbitrary file by unprivileged
attacker can result in information disclosure or privilege escalation [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1806874
[ 5 ] Bug #1809061 - CVE-2020-8794 opensmtpd: An out-of-bounds read could lead to remote
code execution [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1809061
--------------------------------------------------------------------------------
================================================================================
netdata-1.21.1-1.el7 (FEDORA-EPEL-2020-df79ef53bd)
Real-time performance monitoring
--------------------------------------------------------------------------------
Update Information:
Update from upstream ---- Update from upstream
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 14 2020 Didier Fabert <didier.fabert(a)gmail.com> 1.21.1-1
- Update from upstream
* Tue Apr 7 2020 Didier Fabert <didier.fabert(a)gmail.com> 1.21.0-1
- Update from upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1821125 - netdata-1.21.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1821125
[ 2 ] Bug #1823449 - netdata-1.21.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1823449
--------------------------------------------------------------------------------
================================================================================
openhantek-3.0.4b-1.el7 (FEDORA-EPEL-2020-c15ad742ac)
Hantek and compatible USB digital signal oscilloscope
--------------------------------------------------------------------------------
Update Information:
Update to 3.0.4b.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 14 2020 Vasiliy N. Glazov <vascom2(a)gmail.com> - 3.0.4b-1
- Update to 3.0.4b
--------------------------------------------------------------------------------
================================================================================
opensmtpd-6.6.4p1-3.el7 (FEDORA-EPEL-2020-ede50a3d8b)
Free implementation of the server-side SMTP protocol as defined by RFC 5321
--------------------------------------------------------------------------------
Update Information:
Release 6.6.4p1 (2020-02-24) - An out of bounds read in smtpd allows an
attacker to inject arbitrary commands into the envelope file which are then
executed as root. Separately, missing privilege revocation in smtpctl allows
arbitrary commands to be run with the _smtpq group. Release 6.6.3p1
(2020-02-10) - Following the 6.6.2p1 release, various improvements were done in
OpenBSD -current to mitigate the risk of similar bugs.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 10 2020 Denis Fateyev <denis(a)fateyev.com> - 6.6.4p1-3
- Rebuilt for epel7 compatibility
* Fri Feb 28 2020 Denis Fateyev <denis(a)fateyev.com> - 6.6.4p1-2
- Add "legacy_common_support" build option
* Mon Feb 24 2020 Denis Fateyev <denis(a)fateyev.com> - 6.6.4p1-1
- Update to 6.6.4p1 release
* Thu Jan 30 2020 Denis Fateyev <denis(a)fateyev.com> - 6.6.2p1-1
- Update to 6.6.2p1 release
- Remove obsolete patch and spec cleanup
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 6.0.3p1-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 6.0.3p1-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 6.0.3p1-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 14 2019 Bj��rn Esser <besser82(a)fedoraproject.org> - 6.0.3p1-6
- Rebuilt for libcrypt.so.2 (#1666033)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1765905 - libasr-1.0.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1765905
[ 2 ] Bug #1797597 - CVE-2020-7247 opensmtpd: arbitrary commands execution in
smtp_mailaddr in smtp_session.c via crafted SMTP session [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1797597
[ 3 ] Bug #1801477 - opensmtpd-6.6.4p1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1801477
[ 4 ] Bug #1806874 - CVE-2020-8793 opensmtpd: Reading of arbitrary file by unprivileged
attacker can result in information disclosure or privilege escalation [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1806874
[ 5 ] Bug #1809061 - CVE-2020-8794 opensmtpd: An out-of-bounds read could lead to remote
code execution [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1809061
--------------------------------------------------------------------------------
================================================================================
python-betamax-0.7.1-2.el7 (FEDORA-EPEL-2020-056ed26693)
VCR imitation for python-requests
--------------------------------------------------------------------------------
Update Information:
add Python 3 subpackage (rhbz #1823097)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 12 2020 Felix Schwarz <fschwarz(a)fedoraproject.org> - 0.7.1-2
- add Python 3 subpackage (rhbz #1823097)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1823097 - python-betamax: please provide Python 3 version in EPEL 7
https://bugzilla.redhat.com/show_bug.cgi?id=1823097
--------------------------------------------------------------------------------
================================================================================
python-pyrfc3339-1.1-3.el7 (FEDORA-EPEL-2020-932564bee1)
Generate and parse RFC 3339 timestamps
--------------------------------------------------------------------------------
Update Information:
update to 1.1, adding Python 3 subpackage
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 14 2020 Felix Schwarz <fschwarz(a)fedoraproject.org> - 1.1-3
- also package+run unit tests
- build Python 3 subpackage also in EPEL 7
* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Tue Oct 8 2019 Eli Young <elyscape(a)gmail.com> - 1.1-1
- Update to 1.1 (#1697425)
* Thu Oct 3 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 1.0-16
- Rebuilt for Python 3.8.0rc1 (#1748018)
* Mon Aug 19 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 1.0-15
- Rebuilt for Python 3.8
* Fri Jul 26 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0-14
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sat Feb 2 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0-13
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Jan 9 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 1.0-12
- Subpackage python2-pyrfc3339 has been removed
See
https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0-11
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jun 19 2018 Miro Hron��ok <mhroncok(a)redhat.com> - 1.0-10
- Rebuilt for Python 3.7
* Fri Feb 9 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Sat Jan 27 2018 Iryna Shcherbina <ishcherb(a)redhat.com> - 1.0-8
- Update Python 2 dependency declarations to new packaging standards
(See
https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Mon Dec 19 2016 Miro Hron��ok <mhroncok(a)redhat.com> - 1.0-5
- Rebuild for Python 3.6
* Tue Jul 19 2016 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.0-4
-
https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_...
* Thu Feb 4 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1813672 - python-pyrfc3339: provide Python 3 package for EPEL 7
https://bugzilla.redhat.com/show_bug.cgi?id=1813672
--------------------------------------------------------------------------------
================================================================================
python-regex-2020.4.4-1.el7 (FEDORA-EPEL-2020-0a4bd3f3b7)
Alternative regular expression module, to replace re
--------------------------------------------------------------------------------
Update Information:
Update Regex to the latest released version.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 14 2020 Thomas Moschny <thomas.moschny(a)gmx.de> - 2020.4.4-1
- Update to 2020.4.4.
--------------------------------------------------------------------------------
================================================================================
qpid-dispatch-1.11.0-1.el7 (FEDORA-EPEL-2020-467296f7a2)
Dispatch router for Qpid
--------------------------------------------------------------------------------
Update Information:
Rebased to 1.11.0.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 13 2020 Irina Boverman <iboverma(a)redhat.com> - 1.11.0-1
- Rebased to 1.11.0
--------------------------------------------------------------------------------
================================================================================
youtube-dl-2020.03.24-1.el7 (FEDORA-EPEL-2020-7546933da6)
A small command-line program to download online videos
--------------------------------------------------------------------------------
Update Information:
Update to 2020.03.24
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 13 2020 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> - 2020.03.24-1
- Update to 2020.03.24
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1810696 - youtube-dl-2020.03.24 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1810696
[ 2 ] Bug #1811440 - Request update to latest version
https://bugzilla.redhat.com/show_bug.cgi?id=1811440
--------------------------------------------------------------------------------