The following Fedora EPEL 7 Security updates need testing:
Age URL
571
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d
condor-8.6.11-1.el7
312
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80
python-gnupg-0.4.4-1.el7
310
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b
bubblewrap-0.3.3-2.el7
20
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fa8a2e97c6
python-waitress-1.4.3-1.el7
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b57b954fde
openfortivpn-1.12.0-1.el7
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-1f5dbc1cd7
cacti-1.2.10-1.el7 cacti-spine-1.2.10-1.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-471d8a7abd
sympa-6.2.54-1.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b3684de763
mbedtls-2.7.14-1.el7
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-4fdca9429c
seamonkey-2.53.1-2.el7
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fbd804208a
monit-5.26.0-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
ansible-2.9.6-1.el7
koji-1.20.1-1.el7
Details about builds:
================================================================================
ansible-2.9.6-1.el7 (FEDORA-EPEL-2020-9d0b57e90e)
SSH-based configuration management, deployment, and task execution system
--------------------------------------------------------------------------------
Update Information:
Update to upstream 2.9.6 and fix for 2 CVES: CVE-2020-1737, CVE-2020-1739 ----
Update to bugfix version 2.9.5. See
https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v...
for details
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 6 2020 Kevin Fenzi <kevin(a)scrye.com> - 2.9.6-1
- Update to 2.9.6. Fixes bug #1810373
- fixes for CVE-2020-1737, CVE-2020-1739
* Thu Feb 13 2020 Kevin Fenzi <kevin(a)scrye.com> - 2.9.5-1
- Update to 2.9.5
* Tue Jan 21 2020 Kevin Fenzi <kevin(a)scrye.com> - 2.9.4-1
- Update to 2.9.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1805322 - CVE-2020-1739 ansible: svn module leaks password when specified as
a parameter [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1805322
[ 2 ] Bug #1810373 - ansible-2.9.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1810373
[ 3 ] Bug #1805329 - CVE-2020-1737 ansible: Extract-Zip function in win_unzip module
does not check extracted path [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1805329
[ 4 ] Bug #1802725 - ansible-2.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1802725
--------------------------------------------------------------------------------
================================================================================
koji-1.20.1-1.el7 (FEDORA-EPEL-2020-8468336499)
Build system tools
--------------------------------------------------------------------------------
Update Information:
Update to 1.20.1 upstream bugfix minor release.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 6 2020 Kevin Fenzi <kevin(a)scrye.com> - 1.20.1-1
- Update to 1.20.1
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.20.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------