The following Fedora EPEL 7 Security updates need testing:

 Age  URL
 813  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087   dokuwiki-0-0.24.20140929c.el7
 576  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f   mcollective-2.8.4-1.el7
 158  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d   libbsd-0.8.3-1.el7
  56  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe   mod_cluster-1.3.3-10.el7
  54  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5f9a6163b4   tnef-1.4.14-1.el7
  53  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7ecb12e378   python-XStatic-jquery-ui-1.12.0.1-1.el7
  33  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e2fae7fb04   squirrelmail-1.4.22-16.el7
  18  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6acdeb07a7   chicken-4.12.0-2.el7
  14  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4269265615   menu-cache-1.0.1-2.el7
  13  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-692b72b3c9   chromium-58.0.3029.110-2.el7
  13  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-a9209fb240   wordpress-4.7.5-1.el7
  12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-3ad7cbb1a1   moodle-3.1.6-1.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c0b04702c2   compat-tidy-0.99.0-37.20091203.el7 libopkele-2.0.4-9.el7 mod_auth_openid-0.8-2.el7 psi-plus-0.16-0.22.20141205git440.el7 tidy-5.4.0-1.el7
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-1d6738e592   dropbear-2017.75-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-83ccfea1c9   yara-3.6.0-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-9eed76e8c2   python-camel-0.1.2-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-30c96f21ef   mosquitto-1.4.12-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-776e20faa7   mingw-libtasn1-4.12-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
    ReviewBoard-2.5.12-1.el7
    awstats-7.6-3.el7
    beaker-24.3-1.el7
    dynafed-1.3.1-1.el7
    gfal2-2.13.4-1.el7
    inxi-2.3.9-1.el7
    jumpnbump-1.60-1.el7
    kompose-0.7.0-0.1.el7
    lcgdm-dav-0.18.2-1.el7
    mingw-libtasn1-4.12-1.el7
    mlmmj-1.3.0-1.el7
    mosquitto-1.4.12-1.el7
    picocom-2.2-2.el7
    ptpython-0.39-1.el7
    python-camel-0.1.2-1.el7
    python-django-evolution-0.7.7-1.el7
    python-django-tastypie-0.12.2-1.el7
    python-djblets-0.9.7-1.el7
    python-msrest-0.4.8-2.el7
    python-unidiff-0.5.4-1.el7
    python-yamlordereddictloader-0.3.0-1.el7
    python34-3.4.5-4.el7
    yara-3.6.0-1.el7
Details about builds:
================================================================================
 ReviewBoard-2.5.12-1.el7 (FEDORA-EPEL-2017-6b6dd9ab3c)
 Web-based code review tool
--------------------------------------------------------------------------------
Update Information:

Update to ReviewBoard 2.5.12
https://www.reviewboard.org/docs/releasenotes/reviewboard/2.5.11/
https://www.reviewboard.org/docs/releasenotes/reviewboard/2.5.12/
--------------------------------------------------------------------------------
================================================================================
 awstats-7.6-3.el7 (FEDORA-EPEL-2017-06b46fdc74)
 Advanced Web Statistics
--------------------------------------------------------------------------------
Update Information:

awstats_buildstaticpages.pl and awstats_updateall.pl try to use /usr/share/awstats/wwwroot/cgi-bin/awstats.pl first.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1264881 - awstats-7.6 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1264881
--------------------------------------------------------------------------------
================================================================================
 beaker-24.3-1.el7 (FEDORA-EPEL-2017-25c49702d0)
 Full-stack software and hardware integration testing system
--------------------------------------------------------------------------------
Update Information:

Upstream version 24.3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1456803 - beaker-24.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1456803
--------------------------------------------------------------------------------
================================================================================
 dynafed-1.3.1-1.el7 (FEDORA-EPEL-2017-14f27fb6cf)
 Ultra-scalable dynamic system for federating HTTP-based storage resources
--------------------------------------------------------------------------------
Update Information:

* new upstream release
--------------------------------------------------------------------------------
================================================================================
 gfal2-2.13.4-1.el7 (FEDORA-EPEL-2017-a7513c3cae)
 Grid file access library 2.0
--------------------------------------------------------------------------------
Update Information:

New upstream release
--------------------------------------------------------------------------------
================================================================================
 inxi-2.3.9-1.el7 (FEDORA-EPEL-2017-eef6f8d683)
 A full featured system information script
--------------------------------------------------------------------------------
Update Information:

Update to 2.3.9.
--------------------------------------------------------------------------------
================================================================================
 jumpnbump-1.60-1.el7 (FEDORA-EPEL-2017-7f7dd3851b)
 Cute multiplayer platform game with bunnies
--------------------------------------------------------------------------------
Update Information:

Import in Fedora (#1456203)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1456203 - Review Request: jumpnbump - Cute multiplayer platform game with bunnies
        https://bugzilla.redhat.com/show_bug.cgi?id=1456203
--------------------------------------------------------------------------------
================================================================================
 kompose-0.7.0-0.1.el7 (FEDORA-EPEL-2017-2d83579e00)
 Tool to move from 'docker-compose' to Kubernetes
--------------------------------------------------------------------------------
Update Information:

Update to 0.7.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1455725 - kompose-v0.7.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1455725
--------------------------------------------------------------------------------
================================================================================
 lcgdm-dav-0.18.2-1.el7 (FEDORA-EPEL-2017-0b527c0fb1)
 HTTP/DAV front end to the DPM/LFC services
--------------------------------------------------------------------------------
Update Information:

New upstream release
--------------------------------------------------------------------------------
================================================================================
 mingw-libtasn1-4.12-1.el7 (FEDORA-EPEL-2017-776e20faa7)
 MinGW Windows libtasn1 library
--------------------------------------------------------------------------------
Update Information:

Noteworthy changes in release 4.11 (released 2017-05-27) [stable]
- Introduced the ASN1_TIME_ENCODING_ERROR error code to indicate an invalid encoding in the DER time fields.
- Introduced flag ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME. This flag allows decoding errors in time fields even when in strict DER mode. That is introduced in order to allow toleration of invalid times in X.509 certificates (which are common) even though strict DER adherence is enforced in other fields.
- Added safety check in asn1_find_node(). That prevents a crash when a very long variable name is provided by the developer. Note that this to be exploited requires controlling the ASN.1 definitions used by the developer, i.e., the 'name' parameter of asn1_write_value() or asn1_read_value(). The library is not designed to protect against malicious manipulation of the developer assigned variable names. Reported by Jakub Jirasek.

Noteworthy changes in release 4.10 (released 2017-01-16) [stable]
- Updated gnulib
- Removed -Werror from default compiler flags
- Fixed undefined behavior when negating integers in _asn1_ltostr(). Issue found by oss-fuzz project (via gnutls): https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=388
- Pass the correct length to _asn1_get_indefinite_length_string in asn1_get_length_ber. This addresses reading 1-byte past the end of data. Issue found by oss-fuzz project (via gnutls): https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=330 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=331
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1456766 - CVE-2017-6891 mingw-libtasn1: libtasn1: Stack-based buffer overflow in asn1_find_node() [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1456766
  [ 2 ] Bug #1325970 - CVE-2016-4008 mingw-libtasn1: libtasn1: infinite loop while parsing DER certificates [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1325970
  [ 3 ] Bug #1218144 - CVE-2015-3622 mingw-libtasn1: libtasn1: heap overflow flaw in _asn1_extract_der_octet() [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=1218144
--------------------------------------------------------------------------------
================================================================================
 mlmmj-1.3.0-1.el7 (FEDORA-EPEL-2017-b6f4cebb62)
 A simple and slim mailing list manager inspired by ezmlm
--------------------------------------------------------------------------------
Update Information:

1.3.0
---
- Czech translation (Jiří Šolc)
- Don't use address extensions from non-list addresses
- Fix some RFC 5321 compliance issues (Martijn Grendelman)
- Add smtphelo tunable (Andreas Schulze)
- Implement modonlypost
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1455531 - mlmmj-1.3.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1455531
--------------------------------------------------------------------------------
================================================================================
 mosquitto-1.4.12-1.el7 (FEDORA-EPEL-2017-30c96f21ef)
 An Open Source MQTT v3.1/v3.1.1 Broker
--------------------------------------------------------------------------------
Update Information:

Fix CVE-2017-7650 (rhbz#1456507)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1456507 - CVE-2017-7650 mosquitto: Pattern based ACLs can be bypassed
        https://bugzilla.redhat.com/show_bug.cgi?id=1456507
--------------------------------------------------------------------------------
================================================================================
 picocom-2.2-2.el7 (FEDORA-EPEL-2017-d6bf37cbc6)
 Minimal serial communications program
--------------------------------------------------------------------------------
Update Information:

picocom for epel7.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1344316 - Package picocom for epel7
        https://bugzilla.redhat.com/show_bug.cgi?id=1344316
--------------------------------------------------------------------------------
================================================================================
 ptpython-0.39-1.el7 (FEDORA-EPEL-2017-6384c8fc42)
 Python REPL build on top of prompt_toolkit
--------------------------------------------------------------------------------
Update Information:

- bug fixes
  - Fixed bug in run_ptipython. (It could fail to start if the config directory already existed.)
  - Fixed syntax error in run_ptipython script.
  - Display 'VISUAL BLOCK' and 'INSERT' when we're in these modes.
  - Handle ValueError in PythonValidator. Python2 raises ValueError if the input contains an invalid escape sequence.
  - Use load_key_bindings instead of KeyBindingsManager. (For the latest prompt_toolkit.)
  - Set 'reverse_vi_search_direction'. (Search backwards when '/' was pressed in Vi mode.)
  - Check for symlink when creating config dir.
  - Make default config dir filepath OS independent.
  - Remove minor python version in entry point.
  - Fixed .ptpython directory creation in run_ptpython.
- new features
  - Also accept Ctrl-D for quitting the 'exit confirmation' dialog.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1442460 - ptpython-0.39 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1442460
--------------------------------------------------------------------------------
================================================================================
 python-camel-0.1.2-1.el7 (FEDORA-EPEL-2017-9eed76e8c2)
 Python serialization for adults
--------------------------------------------------------------------------------
Update Information:

Update to v0.1.2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1456617 - python-camel-v0.1.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1456617
--------------------------------------------------------------------------------
================================================================================
 python-django-evolution-0.7.7-1.el7 (FEDORA-EPEL-2017-6b6dd9ab3c)
 Schema evolution for Django
--------------------------------------------------------------------------------
Update Information:

Update to ReviewBoard 2.5.12
https://www.reviewboard.org/docs/releasenotes/reviewboard/2.5.11/
https://www.reviewboard.org/docs/releasenotes/reviewboard/2.5.12/
--------------------------------------------------------------------------------
================================================================================
 python-django-tastypie-0.12.2-1.el7 (FEDORA-EPEL-2017-a8e6464748)
 A flexible and capable API layer for Django
--------------------------------------------------------------------------------
Update Information:

First tastypie package for EPEL7
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1335122 - python-django-tastypie missing from EPEL7
        https://bugzilla.redhat.com/show_bug.cgi?id=1335122
--------------------------------------------------------------------------------
================================================================================
 python-djblets-0.9.7-1.el7 (FEDORA-EPEL-2017-6b6dd9ab3c)
 A collection of useful classes and functions for Django
--------------------------------------------------------------------------------
Update Information:

Update to ReviewBoard 2.5.12
https://www.reviewboard.org/docs/releasenotes/reviewboard/2.5.11/
https://www.reviewboard.org/docs/releasenotes/reviewboard/2.5.12/
--------------------------------------------------------------------------------
================================================================================
 python-msrest-0.4.8-2.el7 (FEDORA-EPEL-2017-dd0632f0e7)
 AutoRest swagger generator Python client runtime
--------------------------------------------------------------------------------
Update Information:

* Fix random “pool is closed” error ([#29](https://github.com/Azure/msrest-for-python/pull/29))
* Fix requests dependency to version 2.x, since version 3.x is announced to be breaking.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1454515 - python-msrest-v0.4.8 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1454515
--------------------------------------------------------------------------------
================================================================================
 python-unidiff-0.5.4-1.el7 (FEDORA-EPEL-2017-0319a42894)
 Python library to parse and interact with unified diffs (patches)
--------------------------------------------------------------------------------
Update Information:

New upstream release 0.5.4: https://github.com/matiasb/python-unidiff/blob/v0.5.4/HISTORY
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1441013 - python-unidiff-0.5.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1441013
--------------------------------------------------------------------------------
================================================================================
 python-yamlordereddictloader-0.3.0-1.el7 (FEDORA-EPEL-2017-53bfb85a16)
 YAML loader for PyYAML that maintains key order
--------------------------------------------------------------------------------
Update Information:

New upstream version 0.3.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1456626 - python-yamlordereddictloader-0.3.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1456626
--------------------------------------------------------------------------------
================================================================================
 python34-3.4.5-4.el7 (FEDORA-EPEL-2017-1e0d75a462)
 Version 3 of the Python programming language aka Python 3000
--------------------------------------------------------------------------------
Update Information:

Do not exclude bundled setuptools and pip from the installation
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1263057 - pyvenv3.4 doesn't work without pip
        https://bugzilla.redhat.com/show_bug.cgi?id=1263057
--------------------------------------------------------------------------------
================================================================================
 yara-3.6.0-1.el7 (FEDORA-EPEL-2017-83ccfea1c9)
 Pattern matching Swiss knife for malware researchers
--------------------------------------------------------------------------------
Update Information:

Update to a bugfix release of yara.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1440739 - CVE-2016-10210 CVE-2016-10211 CVE-2017-5923 CVE-2017-5924 yara: Multiple security issues [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1440739
  [ 2 ] Bug #1451383 - CVE-2017-8929 yara: Use-after-free in sized_string_cmp function [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1451383
  [ 3 ] Bug #1451384 - CVE-2017-8929 yara: Use-after-free in sized_string_cmp function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1451384
--------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org