The following Fedora EPEL 7 Security updates need testing:
Age URL
497
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
260
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
126
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-785fc9a2ea
dropbear-2016.72-1.el7
22
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e0c08a1414
php-PHPMailer-5.2.16-2.el7
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-325598c9ad
pagure-2.2.2-1.el7
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-2e94f8cba5
tcpreplay-4.1.1-2.el7
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-767125139f
python34-3.4.3-5.el7
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d85f5db77a
php-doctrine-orm-2.4.8-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6eebbe7e97
p7zip-16.02-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
BEDTools-2.26.0-1.el7
PEGTL-1.3.1-1.el7
asciinema-1.3.0-1.el7
globus-ftp-control-7.1-1.el7
globus-gass-transfer-8.9-1.el7
kstars-16.04.3-1.el7
p7zip-16.02-1.el7
php-pear-PHP-CodeSniffer-2.6.2-1.el7
php-pecl-krb5-1.1.0-1.el7
php-robrichards-xmlseclibs-2.0.0-2.20160105git84313ca.el7
php-robrichards-xmlseclibs1-1.4.1-2.20160518git2e20c8d.el7
python-appdirs-1.4.0-2.el7
python-bitmath-1.3.1-1.el7
python-cpopen-1.5-1.el7
python-libcnml-0.9.5-1.el7
python-simplepath-0.3.3-1.el7
rpkg-1.46-1.el7
thunderbird-enigmail-1.9.4-1.el7
Details about builds:
================================================================================
BEDTools-2.26.0-1.el7 (FEDORA-EPEL-2016-22706c5e16)
A flexible suite of utilities for comparing genomic features
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release 2.26.0
--------------------------------------------------------------------------------
================================================================================
PEGTL-1.3.1-1.el7 (FEDORA-EPEL-2016-6d20e825a0)
Parsing Expression Grammar Template Library
--------------------------------------------------------------------------------
Update Information:
- Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1356499 - Review Request: PEGTL - Parsing Expression Grammar Template
Library
https://bugzilla.redhat.com/show_bug.cgi?id=1356499
--------------------------------------------------------------------------------
================================================================================
asciinema-1.3.0-1.el7 (FEDORA-EPEL-2016-2471fdc2de)
Command line client (terminal recorder) for
asciinema.org service
--------------------------------------------------------------------------------
Update Information:
- update to new version 1.3.0 - rewritten from Go back to Python (supports
version 3 only)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1250094 - please build asciinema for epel7
https://bugzilla.redhat.com/show_bug.cgi?id=1250094
[ 2 ] Bug #1234182 - asciinema-1.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1234182
--------------------------------------------------------------------------------
================================================================================
globus-ftp-control-7.1-1.el7 (FEDORA-EPEL-2016-8c9318c297)
Globus Toolkit - GridFTP Control Library
--------------------------------------------------------------------------------
Update Information:
globus-gass-transfer 8.9 * Fix globus_gass_transfer_register_accept() not
returning error when listener is closing or accept already registered globus-
ftp-control 7.1 * Add forced ordering option
--------------------------------------------------------------------------------
================================================================================
globus-gass-transfer-8.9-1.el7 (FEDORA-EPEL-2016-8c9318c297)
Globus Toolkit - Globus Gass Transfer
--------------------------------------------------------------------------------
Update Information:
globus-gass-transfer 8.9 * Fix globus_gass_transfer_register_accept() not
returning error when listener is closing or accept already registered globus-
ftp-control 7.1 * Add forced ordering option
--------------------------------------------------------------------------------
================================================================================
kstars-16.04.3-1.el7 (FEDORA-EPEL-2016-1a5ce42e7e)
Desktop Planetarium
--------------------------------------------------------------------------------
Update Information:
16.04.3
--------------------------------------------------------------------------------
================================================================================
p7zip-16.02-1.el7 (FEDORA-EPEL-2016-6eebbe7e97)
Very high compression ratio file archiver
--------------------------------------------------------------------------------
Update Information:
Update p7zip to 16.02 and fix security issues for CVE-2016-2335, CVE-2016-2334
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1335575 - CVE-2016-2335 p7zip: Out-of-bounds read vuilerability
https://bugzilla.redhat.com/show_bug.cgi?id=1335575
[ 2 ] Bug #1335577 - CVE-2016-2334 p7zip: Heap-buffer-overflow vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1335577
--------------------------------------------------------------------------------
================================================================================
php-pear-PHP-CodeSniffer-2.6.2-1.el7 (FEDORA-EPEL-2016-1595682019)
PHP coding standards enforcement tool
--------------------------------------------------------------------------------
Update Information:
**Version 2.6.2** - Added a new --exclude CLI argument to exclude a list of
sniffs from checking and fixing (request #904) - Accepts the same sniff
codes as the --sniffs command line argument, but provides the opposite
functionality - Added a new -q command line argument to disable progress and
verbose information from being printed (request #969) - Useful if a coding
standard hard-codes progess or verbose output but you want PHPCS to be quiet
- Use the command "phpcs --config-set quiet true" to turn quiet mode on by
default - Generic LineLength sniff no longer errors for comments that cannot be
broken out onto a new line (request #766) - A typical case is a comment that
contains a very long URL - The comment is ignored if putting the URL on a
indented new comment line would be longer than the allowed length - Settings
extensions in a ruleset no longer causes PHP notices during unit testing -
Thanks to Klaus Purer for the patch - Version control reports now show which
errors are fixable if you are showing sources - Added a new sniff to enforce a
single space after a NOT operator (request #1051) - Include in a ruleset
using the code Generic.Formatting.SpaceAfterNot - The
Squiz.Commenting.BlockComment sniff now supports tabs for indenting comment
lines (request #1056) - Fixed bug #790 : Incorrect missing throws error in
methods that use closures - Fixed bug #908 : PSR2 standard is not checking that
closing brace is on line following the body - Fixed bug #945 : Incorrect indent
behavior using deep-nested function and arrays - Fixed bug #961 : Two anonymous
functions passed as function/method arguments cause indentation false positive -
Fixed bug #1005 : Using global composer vendor autoload breaks PHP lowercase
built-in function sniff - Thanks to Michael Butler for the patch - Fixed bug
#1007 : Squiz Unreachable code detection is not working properly with a closure
inside a case - Fixed bug #1023 : PSR2.Classes.ClassDeclaration fails if class
extends base class and "implements" is on trailing line - Fixed bug #1026 :
Arrays in comma delimited class properties cause ScopeIndent to increase indent
- Fixed bug #1028 : Squiz ArrayDeclaration incorrectly fixes multi-line array
where end bracket is not on a new line - Fixed bug #1034 : Squiz
FunctionDeclarationArgumentSpacing gives incorrect error when first arg is a
variadic - Fixed bug #1036 : Adjacent assignments aligned analysis statement
wrong - Fixed bug #1049 : Version control reports can show notices when the
report width is very small - Fixed bug #21050 : PEAR MultiLineCondition sniff
suppresses errors on last condition line
--------------------------------------------------------------------------------
================================================================================
php-pecl-krb5-1.1.0-1.el7 (FEDORA-EPEL-2016-49522b7e24)
Kerberos authentification extension
--------------------------------------------------------------------------------
Update Information:
**Version 1.1.0** - [FEATURE] PHP7 compatibility - [FEATURE] Support
getting/setting TL_DATA in KADM - [BUG] Fix GSSAPI->acquireCredentials
behaviour, now defaults to GSS_C_INITIATE if only a ccache is available eagerly
initialize credentials when no principal is specified (use ccache default
principal) - [BUG] Fix a couple of memory leaks, add a few more sanity checks
--------------------------------------------------------------------------------
================================================================================
php-robrichards-xmlseclibs-2.0.0-2.20160105git84313ca.el7 (FEDORA-EPEL-2016-4eaeb87c86)
A PHP library for XML Security
--------------------------------------------------------------------------------
Update Information:
xmlseclibs is a library written in PHP for working with XML Encryption and
Signatures. NOTE: php-mcrypt will not be automatically installed as a
dependency of this package so it will need to be "manually" installed if it is
required -- specifically for the following XMLSecurityKey encryption types: -
XMLSecurityKey::AES128_CBC - XMLSecurityKey::AES192_CBC -
XMLSecurityKey::AES256_CBC - XMLSecurityKey::TRIPLEDES_CBC
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1356569 - Review Request: php-robrichards-xmlseclibs - A PHP library for XML
Security
https://bugzilla.redhat.com/show_bug.cgi?id=1356569
--------------------------------------------------------------------------------
================================================================================
php-robrichards-xmlseclibs1-1.4.1-2.20160518git2e20c8d.el7 (FEDORA-EPEL-2016-6a6e50e9bf)
A PHP library for XML Security (version 1)
--------------------------------------------------------------------------------
Update Information:
xmlseclibs is a library written in PHP for working with XML Encryption and
Signatures. NOTE: php-mcrypt will not be automatically installed as a
dependency of this package so it will need to be "manually" installed if it is
required -- specifically for the following XMLSecurityKey encryption types: -
XMLSecurityKey::AES128_CBC - XMLSecurityKey::AES192_CBC -
XMLSecurityKey::AES256_CBC - XMLSecurityKey::TRIPLEDES_CBC
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1356584 - Review Request: php-robrichards-xmlseclibs1 - A PHP library for XML
Security (version 1)
https://bugzilla.redhat.com/show_bug.cgi?id=1356584
--------------------------------------------------------------------------------
================================================================================
python-appdirs-1.4.0-2.el7 (FEDORA-EPEL-2016-b02f9e1187)
Python module for determining platform-specific directories
--------------------------------------------------------------------------------
Update Information:
Initial release in EPEL7
--------------------------------------------------------------------------------
================================================================================
python-bitmath-1.3.1-1.el7 (FEDORA-EPEL-2016-63a6b94850)
Aids representing and manipulating file sizes in various prefix notations
--------------------------------------------------------------------------------
Update Information:
New release
--------------------------------------------------------------------------------
================================================================================
python-cpopen-1.5-1.el7 (FEDORA-EPEL-2016-50177b8e3b)
Creates a sub-process in simpler safer manner
--------------------------------------------------------------------------------
Update Information:
1.5 includes - 7163e79 Do not close inherited fds from parent ---- 1.4-3 -
7163e79 Do not close inherited fds from parent
--------------------------------------------------------------------------------
================================================================================
python-libcnml-0.9.5-1.el7 (FEDORA-EPEL-2016-ed7b6f014c)
libcnml is a CNML parser library for Python
--------------------------------------------------------------------------------
Update Information:
Minor update
--------------------------------------------------------------------------------
================================================================================
python-simplepath-0.3.3-1.el7 (FEDORA-EPEL-2016-a7969edbb2)
A python library for data-structure lookup
--------------------------------------------------------------------------------
Update Information:
Version Update.
--------------------------------------------------------------------------------
================================================================================
rpkg-1.46-1.el7 (FEDORA-EPEL-2016-b1aba63eaa)
Utility for interacting with rpm+git packaging systems
--------------------------------------------------------------------------------
Update Information:
Change log - Warning untracked patches when push (cqi)
[#71](https://pagure.io/rpkg/issue/71) - handle correct spec path when push from
outside the repo (cqi) - Remove support for BuildContainer release task opt
(lucarval)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1353699 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1353699
[ 2 ] Bug #1357155 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1357155
[ 3 ] Bug #1356891 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1356891
--------------------------------------------------------------------------------
================================================================================
thunderbird-enigmail-1.9.4-1.el7 (FEDORA-EPEL-2016-55fd709bec)
Authentication and encryption extension for Mozilla Thunderbird
--------------------------------------------------------------------------------
Update Information:
Upgrade to 1.9.4
--------------------------------------------------------------------------------