Fedora EPEL 7 updates-testing report - epel-devel - Fedora mailing-lists

16 May 2019


      The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 275  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d   condor-8.6.11-1.el7
  83  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-f8311ec8a2   tor-0.3.5.8-1.el7
  51  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d2c1368294   cinnamon-3.6.7-5.el7
  43  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-50a6a1ddfd   afflib-3.7.18-2.el7
  17  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80   python-gnupg-0.4.4-1.el7
  14  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b   bubblewrap-0.3.3-2.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-04c7455f6a   singularity-3.1.1-1.1.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-0d44655ca3   mediaconch-18.03.2-7.el7 libmediainfo-19.04-1.el7 mediainfo-19.04-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
dist-git-1.11-1.el7
    drupal7-7.67-1.el7
    libuv-1.29.0-1.el7
    munin-2.0.49-1.el7
    php-theseer-autoload-1.25.6-1.el7
    rust-1.34.2-1.el7
Details about builds:
================================================================================
 dist-git-1.11-1.el7 (FEDORA-EPEL-2019-48c9e4991f)
 Package source version control system
--------------------------------------------------------------------------------
Update Information:
- remove python3-configparser require - move scripts to bindir  ----  - python3
support - fix for empty webhook dir
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 30 2019 clime clime@redhat.com 1.11-1
- remove python3-configparser require
- move scripts to bindir
* Mon Mar 11 2019 clime clime@redhat.com 1.10-1
- python3 support
- fix post-receive hook in case post.receive.d is empty
--------------------------------------------------------------------------------
================================================================================
 drupal7-7.67-1.el7 (FEDORA-EPEL-2019-1605b73a09)
 An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
- https://www.drupal.org/project/drupal/releases/7.67     - [SA-
CORE-2019-007](https://www.drupal.org/SA-CORE-2019-007)
([CVE-2019-11831](https://nvd.nist.gov/vuln/detail/CVE-2019-11831))
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 15 2019 Shawn Iwinski shawn.iwinski@gmail.com - 7.67-1
- Update to 7.67 (RHBZ #1707958, #1708649, #1708652, #1708653)
- https://www.drupal.org/SA-CORE-2019-007 (CVE-2019-11831)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1707958 - drupal7-7.67 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1707958
--------------------------------------------------------------------------------
================================================================================
 libuv-1.29.0-1.el7 (FEDORA-EPEL-2019-69f42e0b0d)
 Platform layer for node.js
--------------------------------------------------------------------------------
Update Information:
Update to libuv 1.29.0  ----  Fix regression causing segmentation faults
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 15 2019 Stephen Gallagher sgallagh@redhat.com - 1.29.0-1
- Update to 1.29.0
- Drop upstreamed patch
* Fri May  3 2019 Stephen Gallagher sgallagh@redhat.com - 1.28.0-2
- Fix regression in uv_fs_poll_stop() (BZ 1703935)
* Tue Apr 23 2019 Stephen Gallagher sgallagh@redhat.com - 1.28.0-1
- Update to libuv 1.28.0
- https://github.com/libuv/libuv/blob/v1.28.0/ChangeLog
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1700033 - libuv-1.29.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1700033
  [ 2 ] Bug #1703935 - assertion failure since 1.27.0
        https://bugzilla.redhat.com/show_bug.cgi?id=1703935
--------------------------------------------------------------------------------
================================================================================
 munin-2.0.49-1.el7 (FEDORA-EPEL-2019-4067ba7c92)
 Network-wide resource monitoring tool
--------------------------------------------------------------------------------
Update Information:
Upstream update for 2.0.49. Includes bugfixes for example for graph zoom urls
and TLS config.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 16 2019 Kim B. Heino b@bbbs.net - 2.0.49-1
- Upgrade to 2.0.49
* Mon Mar 18 2019 Kim B. Heino b@bbbs.net - 2.0.45-2
- Drop munin-plugins-java subpackage
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1710596 - TLS config is not configurable per-node
        https://bugzilla.redhat.com/show_bug.cgi?id=1710596
--------------------------------------------------------------------------------
================================================================================
 php-theseer-autoload-1.25.6-1.el7 (FEDORA-EPEL-2019-e582af8a76)
 A tool and library to generate autoload code
--------------------------------------------------------------------------------
Update Information:
**Release 1.25.6**  * Fix: Add `lib-` prefixed dependencies in composer.json to
ignore list
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 16 2019 Remi Collet remi@remirepo.net - 1.25.6-1
- update to 1.25.6
--------------------------------------------------------------------------------
================================================================================
 rust-1.34.2-1.el7 (FEDORA-EPEL-2019-d96aef0d8f)
 The Rust Programming Language
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2019-12083
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 14 2019 Josh Stone jistone@redhat.com - 1.34.2-1
- Update to 1.34.2 -- fixes CVE-2019-12083.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1709709 - CVE-2019-12083 rust: overriden stabilized method `Error::type_id` can violate Rust's safety guarantees leading to out-of-bounds write or read
        https://bugzilla.redhat.com/show_bug.cgi?id=1709709
--------------------------------------------------------------------------------