The following Fedora EPEL 7 Security updates need testing:
 Age  URL
  61  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-4a9fc09599   openjpeg2-2.3.1-10.el7
   9  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-01679b76db   chromium-88.0.4324.150-1.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-3cc28d5469   php-horde-Horde-Text-Filter-2.3.7-1.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-bb1731457c   prosody-0.11.8-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-f93d3d26db   privoxy-3.0.31-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
    cscppc-1.8.2-1.el7
    csdiff-2.1.0-1.el7
    csmock-2.7.1-1.el7
    cswrap-1.9.1-1.el7
    libmysofa-1.2-4.el7
    rubygem-rack-cors-1.0.6-1.el7
    snapd-2.49-2.el7
    zork-1.0.2-6.el7
Details about builds:
================================================================================
 cscppc-1.8.2-1.el7 (FEDORA-EPEL-2021-7ba3ab2485)
 A compiler wrapper that runs cppcheck in background
--------------------------------------------------------------------------------
Update Information:

- update to latest upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 17 2021 Kamil Dudka kdudka@redhat.com 1.8.2-1
- update to latest upstream release
--------------------------------------------------------------------------------
================================================================================
 csdiff-2.1.0-1.el7 (FEDORA-EPEL-2021-7ba3ab2485)
 Non-interactive tools for processing code scan results in plain-text
--------------------------------------------------------------------------------
Update Information:

- update to latest upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 17 2021 Kamil Dudka kdudka@redhat.com 2.1.0-1
- update to latest upstream release
--------------------------------------------------------------------------------
================================================================================
 csmock-2.7.1-1.el7 (FEDORA-EPEL-2021-7ba3ab2485)
 A mock wrapper for Static Analysis tools
--------------------------------------------------------------------------------
Update Information:

- update to latest upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 17 2021 Kamil Dudka kdudka@redhat.com 2.7.1-1
- update to latest upstream release
--------------------------------------------------------------------------------
================================================================================
 cswrap-1.9.1-1.el7 (FEDORA-EPEL-2021-7ba3ab2485)
 Generic compiler wrapper
--------------------------------------------------------------------------------
Update Information:

- update to latest upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 17 2021 Kamil Dudka kdudka@redhat.com 1.9.1-1
- update to latest upstream
--------------------------------------------------------------------------------
================================================================================
 libmysofa-1.2-4.el7 (FEDORA-EPEL-2021-389d1fe8e6)
 C functions for reading HRTFs
--------------------------------------------------------------------------------
Update Information:

Fixes various security issues by upgrading to the current 1.2 version.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 8 2021 Nicolas Chauvet kwizart@gmail.com - 1.2-4
- Update to 1.2
* Tue Jan 26 2021 Fedora Release Engineering releng@fedoraproject.org - 1.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sat Aug 1 2020 Fedora Release Engineering releng@fedoraproject.org - 1.1-3
- Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering releng@fedoraproject.org - 1.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1928824 - CVE-2020-36152 libmysofa: Buffer overflow in readDataVar in hdf/dataobject.c [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1928824
  [ 2 ] Bug #1928825 - CVE-2020-36152 libmysofa: Buffer overflow in readDataVar in hdf/dataobject.c [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1928825
  [ 3 ] Bug #1928826 - CVE-2020-36151 libmysofa: Incorrect handling of input data in mysofa_resampler_reset_mem function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1928826
  [ 4 ] Bug #1928827 - CVE-2020-36151 libmysofa: Incorrect handling of input data in mysofa_resampler_reset_mem function [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1928827
  [ 5 ] Bug #1928829 - CVE-2020-36150 libmysofa: Incorrect handling of input data in loudness function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1928829
  [ 6 ] Bug #1928830 - CVE-2020-36150 libmysofa: Incorrect handling of input data in loudness function [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1928830
  [ 7 ] Bug #1928833 - CVE-2020-36148 libmysofa: Incorrect handling of input data in verifyAttribute function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1928833
  [ 8 ] Bug #1928834 - CVE-2020-36148 libmysofa: Incorrect handling of input data in verifyAttribute function [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1928834
  [ 9 ] Bug #1928835 - CVE-2020-36149 libmysofa: Incorrect handling of input data in changeAttribute function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1928835
  [ 10 ] Bug #1928836 - CVE-2020-36149 libmysofa: Incorrect handling of input data in changeAttribute function [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1928836
--------------------------------------------------------------------------------
================================================================================
 rubygem-rack-cors-1.0.6-1.el7 (FEDORA-EPEL-2021-4dda69dcf1)
 Middleware for enabling Cross-Origin Resource Sharing in Rack apps
--------------------------------------------------------------------------------
Update Information:

Update to 1.0.6, security fix for CVE-2019-18978
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 17 2021 František Dvořák valtri@civ.zcu.cz - 1.0.6-1
- Update to 1.0.6
- Fixes CVE-2019-18978
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1775111 - CVE-2019-18978 rubygem-rack-cors: allows ../ directory traversal to access private resources
        https://bugzilla.redhat.com/show_bug.cgi?id=1775111
--------------------------------------------------------------------------------
================================================================================
 snapd-2.49-2.el7 (FEDORA-EPEL-2021-238c81db79)
 A transactional software package manager
--------------------------------------------------------------------------------
Update Information:

Fix SELinux policy to allow dbus-daemon watch access on /var/lib/snapd/dbus-1 [LP#1915642](https://bugs.launchpad.net/snappy/+bug/1915642)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 16 2021 Maciek Borzecki maciek.borzecki@gmail.com - 2.49-2
- Fix SELinux policy to allow dbus-daemon watch access on /var/lib/snapd/dbus-1 (LP#1915642)
--------------------------------------------------------------------------------
================================================================================
 zork-1.0.2-6.el7 (FEDORA-EPEL-2021-cf854a6587)
 Public Domain original DUNGEON game (Zork I)
--------------------------------------------------------------------------------
Update Information:

Remove compiler optimization flag to workaround segfault while upstream change is assessed
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 17 2021 Justin W. Flory jflory7@fedoraproject.org - 1.0.2-6
- Remove compiler optimization flag to workaround segfault while upstream change is assessed
* Thu Jan 28 2021 Fedora Release Engineering releng@fedoraproject.org - 1.0.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering releng@fedoraproject.org - 1.0.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1833823 - Zork crashes (after some commands)
        https://bugzilla.redhat.com/show_bug.cgi?id=1833823
--------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org