The following Fedora EPEL 7 Security updates need testing:
 Age  URL                                                                   Packages
 841  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087         dokuwiki-0-0.24.20140929c.el7
 603  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f   mcollective-2.8.4-1.el7
 185  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d   libbsd-0.8.3-1.el7
  83  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe   mod_cluster-1.3.3-10.el7
  81  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5f9a6163b4   tnef-1.4.14-1.el7
  80  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7ecb12e378   python-XStatic-jquery-ui-1.12.0.1-1.el7
  15  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4aae1e22f1   lxc-1.0.10-2.el7
  11  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d9786818e4   python-nbxmpp-0.5.6-1.el7 gajim-0.16.8-1.el7
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-a8886eb42e   cross-binutils-2.28-1.el7 cross-gcc-7.0.1-0.4.el7.1.1
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-30baf73207   chromium-59.0.3071.104-1.el7
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-abfcb66c76   python-djblets-0.9.8-1.el7 ReviewBoard-2.5.13.1-1.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5ab90c7180   zabbix20-2.0.21-1.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-eb357ac3b3   zabbix22-2.2.18-1.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7c2e699925   catdoc-0.95-1.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-52b6bc17c1   globus-xio-5.16-1.el7 globus-net-manager-0.17-1.el7 globus-gass-cache-program-6.7-1.el7
                                                                            globus-gass-copy-9.27-1.el7 globus-gssapi-gsi-12.16-1.el7
                                                                            globus-gram-job-manager-14.36-1.el7 globus-gridftp-server-12.2-1.el7 globus-io-11.9-1.el7
                                                                            globus-xio-gsi-driver-3.11-1.el7 globus-xio-pipe-driver-3.10-1.el7
                                                                            globus-xio-udt-driver-1.27-1.el7 myproxy-6.1.28-1.el7 globus-ftp-client-8.35-2.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-bcfa38e123   drupal7-7.56-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-1ee32a5ffa   libtomcrypt-1.17-25.el7 libtommath-0.42.0-5.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-2b04537603   phpMyAdmin-4.4.15.10-2.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-2ba20eeb97   php-horde-Horde-Image-2.5.1-1.el7

The following builds have been pushed to Fedora EPEL 7 updates-testing
audacious-3.8.2-2.el7
audacious-plugins-3.8.2-3.el7
golang-github-pelletier-go-buffruneio-0.2.0-0.1.gitc37440a.el7
librdkafka-0.9.5-1.el7
libtomcrypt-1.17-25.el7
libtommath-0.42.0-5.el7
php-horde-Horde-Image-2.5.1-1.el7
php-phpunit-PHPUnit-4.8.36-1.el7
php-theseer-autoload-1.24.1-1.el7
phpMyAdmin-4.4.15.10-2.el7
python-fedimg-0.7.3-2.el7
python-moksha-hub-1.5.2-1.el7
python-nose2-0.6.5-4.el7
Details about builds:
================================================================================
audacious-3.8.2-2.el7 (FEDORA-EPEL-2017-0a8df111a9)
Advanced audio player
--------------------------------------------------------------------------------
Update Information:
Audacious is an advanced audio player. It is free, lightweight, currently based
on GTK+ 2, runs on Linux and many other *nix platforms and is focused on audio
quality and supporting a wide range of audio codecs. It still features an
alternative skinned user interface (based on Winamp 2.x skins). Historically, it
started as a fork of Beep Media Player (BMP), which itself forked from XMMS.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1464760 - Please apply minor patch to allow building using same spec file for
EPEL 7
https://bugzilla.redhat.com/show_bug.cgi?id=1464760
[ 2 ] Bug #1464758 - Please apply minor patch to allow building using same spec file for
EPEL 7
https://bugzilla.redhat.com/show_bug.cgi?id=1464758
--------------------------------------------------------------------------------
================================================================================
audacious-plugins-3.8.2-3.el7 (FEDORA-EPEL-2017-0a8df111a9)
Plugins for the Audacious audio player
--------------------------------------------------------------------------------
Update Information:
Audacious is an advanced audio player. It is free, lightweight, currently based
on GTK+ 2, runs on Linux and many other *nix platforms and is focused on audio
quality and supporting a wide range of audio codecs. It still features an
alternative skinned user interface (based on Winamp 2.x skins). Historically, it
started as a fork of Beep Media Player (BMP), which itself forked from XMMS.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1464760 - Please apply minor patch to allow building using same spec file for
EPEL 7
https://bugzilla.redhat.com/show_bug.cgi?id=1464760
[ 2 ] Bug #1464758 - Please apply minor patch to allow building using same spec file for
EPEL 7
https://bugzilla.redhat.com/show_bug.cgi?id=1464758
--------------------------------------------------------------------------------
================================================================================
golang-github-pelletier-go-buffruneio-0.2.0-0.1.gitc37440a.el7
(FEDORA-EPEL-2017-b894f8455e)
Wrapper around bufio to provide buffered runes access with unlimited unreads
--------------------------------------------------------------------------------
Update Information:
Bump to v0.2.0
----
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1464885 - Tracker for golang-github-pelletier-go-buffruneio
https://bugzilla.redhat.com/show_bug.cgi?id=1464885
[ 2 ] Bug #1430564 - golang-github-pelletier-go-buffruneio-v0.2.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1430564
[ 3 ] Bug #1387178 - Review Request: golang-github-pelletier-go-buffruneio - Wrapper
around bufio to provide buffered runes access with unlimited unreads
https://bugzilla.redhat.com/show_bug.cgi?id=1387178
--------------------------------------------------------------------------------
================================================================================
librdkafka-0.9.5-1.el7 (FEDORA-EPEL-2017-21e0bfc0f3)
The Apache Kafka C library
--------------------------------------------------------------------------------
Update Information:
This update provides the latest upstream version 0.9.5.
--------------------------------------------------------------------------------
================================================================================
libtomcrypt-1.17-25.el7 (FEDORA-EPEL-2017-1ee32a5ffa)
A comprehensive, portable cryptographic toolkit
--------------------------------------------------------------------------------
Update Information:
- Fix CVE-2016-6129 (#1370955, #1370957)
- Update URLs (#1463608, #1463547)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1370955 - CVE-2016-6129 libtomcrypt: possible OP-TEE Bleichenbacher attack
https://bugzilla.redhat.com/show_bug.cgi?id=1370955
--------------------------------------------------------------------------------
================================================================================
libtommath-0.42.0-5.el7 (FEDORA-EPEL-2017-1ee32a5ffa)
A portable number theoretic multiple-precision integer library
--------------------------------------------------------------------------------
Update Information:
- Fix CVE-2016-6129 (#1370955, #1370957)
- Update URLs (#1463608, #1463547)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1370955 - CVE-2016-6129 libtomcrypt: possible OP-TEE Bleichenbacher attack
https://bugzilla.redhat.com/show_bug.cgi?id=1370955
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Image-2.5.1-1.el7 (FEDORA-EPEL-2017-2ba20eeb97)
Horde Image API
--------------------------------------------------------------------------------
Update Information:
**Horde_Image 2.5.1**
* [mjr] SECURITY: Fix more potential places for command injections.
----
**Horde_Image 2.5.0**
* [mjr] **SECURITY**: Prevent DOS attack by preventing an infinite loop in
  certain conditions (CVE-2017-9773, reported by Fariskhi Vidyan).
* [mjr] **SECURITY**: Prevent RCE attacks by properly sanitizing shell
  arguments (CVE-2017-9774, reported by Fariskhi Vidyan).
* [jan] Add blur effect.
--------------------------------------------------------------------------------
================================================================================
php-phpunit-PHPUnit-4.8.36-1.el7 (FEDORA-EPEL-2017-2acd86d6ce)
The PHP Unit Testing framework
--------------------------------------------------------------------------------
Update Information:
**Version 4.8.36** - 2017-06-21
* Added `PHPUnit\Framework\AssertionFailedError`, `PHPUnit\Framework\Test`, and
  `PHPUnit\Framework\TestSuite` to the forward compatibility layer for PHPUnit 6
--------------------------------------------------------------------------------
================================================================================
php-theseer-autoload-1.24.1-1.el7 (FEDORA-EPEL-2017-be1229208b)
A tool and library to generate autoload code
--------------------------------------------------------------------------------
Update Information:
**Release 1.24.1**
* Merge PR [#78](https://github.com/theseer/Autoload/pull/78): Restore PHP 5.3
  compatibility [Remi]
----
**Release 1.24.0**
* [#77](https://github.com/theseer/Autoload/issues/77): Change duplicate
  detection to collect all rather than exit on first
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin-4.4.15.10-2.el7 (FEDORA-EPEL-2017-2b04537603)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:
Added backported patch for PMASA-2017-8, see
https://www.phpmyadmin.net/security/PMASA-2017-8/
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1437828 - phpMyAdmin: Bypass
$cfg['Servers'][$i]['AllowNoPassword']
https://bugzilla.redhat.com/show_bug.cgi?id=1437828
--------------------------------------------------------------------------------
================================================================================
python-fedimg-0.7.3-2.el7 (FEDORA-EPEL-2017-0e0a269379)
Automatically upload Fedora Cloud images to cloud providers
--------------------------------------------------------------------------------
Update Information:
Updates to 0.7.3.
----
Updates to 0.7.1
----
Change dependency fedfind to python2-fedfind
----
Migrate to compose-based uploading
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1464796 - python-fedimg-0.7.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1464796
[ 2 ] Bug #1423753 - Cloud images on AWS account 125523088429 cannot be copied
https://bugzilla.redhat.com/show_bug.cgi?id=1423753
[ 3 ] Bug #1459576 - python-fedimg-0.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1459576
[ 4 ] Bug #1371241 - python-fedimg-0.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1371241
--------------------------------------------------------------------------------
================================================================================
python-moksha-hub-1.5.2-1.el7 (FEDORA-EPEL-2017-63f0e6f499)
Hub components for Moksha
--------------------------------------------------------------------------------
Update Information:
A few more fixes for the STOMP backend (topic header and a fix to ack mode).
----
Small bugfix: https://github.com/mokshaproject/moksha/pull/43
----
Latest upstream.
- One bugfix: https://github.com/mokshaproject/moksha/pull/41
- And one feature: https://github.com/mokshaproject/moksha/pull/42
The feature enables STOMP consumers to switch from 'auto' ack mode to 'client'
ack mode. ACKs will be automatically sent to the broker if the consumer does
not raise an Exception. Exceptions raised by consumers will result in a NACK.
Please test with care.
----
One bugfix for STOMP users, which unescapes headers:
https://github.com/mokshaproject/moksha/pull/40
One new feature to properly support users interacting with durable broker
queues: https://github.com/mokshaproject/moksha/pull/39
--------------------------------------------------------------------------------
================================================================================
python-nose2-0.6.5-4.el7 (FEDORA-EPEL-2017-5d5c7605e4)
Next generation of nicer testing for Python
--------------------------------------------------------------------------------
Update Information:
New package
--------------------------------------------------------------------------------