The following Fedora EPEL 7 Security updates need testing: Age URL 653 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7 394 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80 python-gnupg-0.4.4-1.el7 392 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b bubblewrap-0.3.3-2.el7 102 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fa8a2e97c6 python-waitress-1.4.3-1.el7 42 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-19d171a465 python34-3.4.10-5.el7 13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-235a51a239 clamav-0.102.3-1.el7 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ae83e43288 log4net-2.0.8-10.el7 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-567eda5296 exim-4.93-3.el7 11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-134c471656 json-c12-0.12.1-4.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ff11142989 netdata-1.22.1-3.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-e7814b7723 transmission-2.94-9.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-19de895038 knot-resolver-5.1.1-1.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ed6bc3c8d4 golang-1.13.11-1.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-05b9f2eac5 sympa-6.2.56-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6f2a4db251 mbedtls-2.7.15-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-c47d3538f7 cacti-1.2.12-1.el7 cacti-spine-1.2.12-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
borgbackup-1.1.11-3.el7 distribution-gpg-keys-1.39-1.el7 fedmsg-1.1.2-1.el7 jq-1.6-2.el7 libb2-0.98.1-2.el7 oniguruma-6.8.2-1.el7 php-justinrainbow-json-schema5-5.2.10-1.el7 publicsuffix-list-20190417-3.el7 rancid-3.12-1.el7
Details about builds:
================================================================================ borgbackup-1.1.11-3.el7 (FEDORA-EPEL-2020-f9ac9a4f30) A deduplicating backup program with compression and authenticated encryption -------------------------------------------------------------------------------- Update Information:
- Release 0.98.1 -------------------------------------------------------------------------------- ChangeLog:
* Fri May 22 2020 Felix Schwarz fschwarz@fedoraproject.org - 1.1.11-3 - rebuilt due to libb2 update -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1836534 - Please build libb2-0.98.1 for Fedora 31 https://bugzilla.redhat.com/show_bug.cgi?id=1836534 [ 2 ] Bug #1836535 - Please build libb2-0.98.1 for EPEL 7 https://bugzilla.redhat.com/show_bug.cgi?id=1836535 --------------------------------------------------------------------------------
================================================================================ distribution-gpg-keys-1.39-1.el7 (FEDORA-EPEL-2020-dbd3fa1b52) GPG keys of various Linux distributions -------------------------------------------------------------------------------- Update Information:
- update copr keys - add intel gpg key - add RosaLinux GPG keyring -------------------------------------------------------------------------------- ChangeLog:
* Thu May 28 2020 Miroslav Such�� msuchy@redhat.com 1.39-1 - update copr keys - add intel gpg key - add RosaLinux GPG keyring --------------------------------------------------------------------------------
================================================================================ fedmsg-1.1.2-1.el7 (FEDORA-EPEL-2020-57b34fde20) Tools for Fedora Infrastructure real-time messaging -------------------------------------------------------------------------------- Update Information:
Fix for STOMP handling of non-dict JSON messages. -------------------------------------------------------------------------------- ChangeLog:
* Wed May 27 2020 Ralph Bean rbean@redhat.com - 1.1.2-1 - Latest upstream. --------------------------------------------------------------------------------
================================================================================ jq-1.6-2.el7 (FEDORA-EPEL-2020-101619ac61) Command-line JSON processor -------------------------------------------------------------------------------- Update Information:
# BACKWARDS INCOMPATIBLE UPGRADE This update is required to resolve some [outstanding CVEs](https://bugzilla.redhat.com/show_bug.cgi?id=1777660). It was [approved by the EPEL steering committee](https://meetbot.fedoraproject.org/team s/epel/epel.2020-05-22-21.04.html). It changes the library soname from libonig.so.2 to libonig.so.5. The only software in EPEL 7 affected by this is jq, which has been rebuilt as part of this update. -------------------------------------------------------------------------------- ChangeLog:
* Wed May 27 2020 Troy Dawsontdawson@redhat.com - 1.6-2 - Rebuilt for updated oniguruma (#1836692) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1466750 - CVE-2017-9224 CVE-2017-9225 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 oniguruma: various flaws [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1466750 [ 2 ] Bug #1777660 - oniguruma: update to latest version to address CVEs https://bugzilla.redhat.com/show_bug.cgi?id=1777660 [ 3 ] Bug #1836692 - jq: rebuild for oniguruma rebase https://bugzilla.redhat.com/show_bug.cgi?id=1836692 --------------------------------------------------------------------------------
================================================================================ libb2-0.98.1-2.el7 (FEDORA-EPEL-2020-f9ac9a4f30) C library providing BLAKE2b, BLAKE2s, BLAKE2bp, BLAKE2sp -------------------------------------------------------------------------------- Update Information:
- Release 0.98.1 -------------------------------------------------------------------------------- ChangeLog:
* Wed Jan 29 2020 Fedora Release Engineering releng@fedoraproject.org - 0.98.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Mon Sep 9 2019 Elliott Sales de Andrade quantum.analyst@gmail.com - 0.98.1-1 - Update to latest tagged version * Thu Jul 25 2019 Fedora Release Engineering releng@fedoraproject.org - 0.98-4.20171225git60ea749 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Fri Feb 1 2019 Fedora Release Engineering releng@fedoraproject.org - 0.98-3.20171225git60ea749 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 0.98-2.20171225git60ea749 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1836534 - Please build libb2-0.98.1 for Fedora 31 https://bugzilla.redhat.com/show_bug.cgi?id=1836534 [ 2 ] Bug #1836535 - Please build libb2-0.98.1 for EPEL 7 https://bugzilla.redhat.com/show_bug.cgi?id=1836535 --------------------------------------------------------------------------------
================================================================================ oniguruma-6.8.2-1.el7 (FEDORA-EPEL-2020-101619ac61) Regular expressions library -------------------------------------------------------------------------------- Update Information:
# BACKWARDS INCOMPATIBLE UPGRADE This update is required to resolve some [outstanding CVEs](https://bugzilla.redhat.com/show_bug.cgi?id=1777660). It was [approved by the EPEL steering committee](https://meetbot.fedoraproject.org/team s/epel/epel.2020-05-22-21.04.html). It changes the library soname from libonig.so.2 to libonig.so.5. The only software in EPEL 7 affected by this is jq, which has been rebuilt as part of this update. -------------------------------------------------------------------------------- ChangeLog:
* Tue May 26 2020 Carl George carl@george.computer - 6.8.2-1 - Rebase to 6.8.2 rhbz#1777660 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1466750 - CVE-2017-9224 CVE-2017-9225 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229 oniguruma: various flaws [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1466750 [ 2 ] Bug #1777660 - oniguruma: update to latest version to address CVEs https://bugzilla.redhat.com/show_bug.cgi?id=1777660 [ 3 ] Bug #1836692 - jq: rebuild for oniguruma rebase https://bugzilla.redhat.com/show_bug.cgi?id=1836692 --------------------------------------------------------------------------------
================================================================================ php-justinrainbow-json-schema5-5.2.10-1.el7 (FEDORA-EPEL-2020-4bcadd1bdc) A library to validate a json schema -------------------------------------------------------------------------------- Update Information:
**Version 5.2.10** * 614 Use lowercase package name for test suite * 619 Fix PHP 8 deprecated warnings * 607 Repleace deprecated curved brackets [sic] * 605 Test on PHP 7.4 and HHVM (3.18 explicitly) * 606 Further travis tweaks #597 Add .gitattributes to .gitattributes -------------------------------------------------------------------------------- ChangeLog:
* Thu May 28 2020 Remi Collet remi@remirepo.net - 5.2.10-1 - update to 5.2.10 --------------------------------------------------------------------------------
================================================================================ publicsuffix-list-20190417-3.el7 (FEDORA-EPEL-2020-c4bd692fa7) Cross-vendor public domain suffix database -------------------------------------------------------------------------------- Update Information:
Initial package release -------------------------------------------------------------------------------- ChangeLog:
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1836280 - Epel7 branch request https://bugzilla.redhat.com/show_bug.cgi?id=1836280 --------------------------------------------------------------------------------
================================================================================ rancid-3.12-1.el7 (FEDORA-EPEL-2020-7d375fd635) Really Awesome New Cisco confIg Differ -------------------------------------------------------------------------------- Update Information:
Update to 3.12 -------------------------------------------------------------------------------- ChangeLog:
* Thu May 28 2020 Charles R. Anderson cra@wpi.edu - 3.12-1 - Update to 3.12 * Tue Feb 11 2020 Charles R. Anderson cra@wpi.edu - 3.11-1 - Update to 3.11 * Thu Jan 30 2020 Fedora Release Engineering releng@fedoraproject.org - 3.9-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Fri Jul 26 2019 Fedora Release Engineering releng@fedoraproject.org - 3.9-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1816856 - Please upgrade RANCID to 3.11 in EPEL https://bugzilla.redhat.com/show_bug.cgi?id=1816856 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org